CVE-2025-27580 PoC — NIH BRICS 安全漏洞

Source

https://github.com/TrustStackSecurity/CVE-2025-27580

Associated Vulnerability

Title:NIH BRICS 安全漏洞 (CVE-2025-27580)
Description:NIH BRICS是美国NIH中心的一个生物医学研究信息学计算系统。 NIH BRICS 14.0.0-67及之前版本存在安全漏洞，该漏洞源于生成可预测令牌，可能导致权限提升。

Description

Exploit for CVE-2025-27580: A predictable token vulnerability in NIH BRICS through 14.0.0-67 allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.

Readme

# CVE-2025-27580: Unauthenticated Account Takeover in NIH BRICS

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.

Published a write-up: https://bugculture.io/CVE-2025-27580/

Discovered by Chandler Rose (Founder/Security Consultant), February 2025.

References:

- https://www.cve.org/CVERecord?id=CVE-2025-27580

File Snapshot


 [4.0K]  /data/pocs/1c3789ffa2cb0383222ea933c21948aad35d0349
├── [ 758]  exploit.py
└── [ 588]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!