
PoC details: 31457fcc7897dfbb349ccf9d3fe4ba8b86f91a9f

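Related vulnerability
Title: Google Go security vulnerability (CVE-2025-22870)
Description: Google Go is a statically and strongly typed, compiled, concurrent programming language with garbage collection, developed by Google (USA). Google Go contains a security vulnerability that stems from an IPv6 zone ID being incorrectly treated as part of the hostname, which can lead to incorrect proxy matching.
Description
CVE-2025-22870
Introduction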
# CVE-2025-22870 – Proxy Bypass via IPv6 Zone Parsing in Go 🔐

### 🧠 Description:

Go's HTTP libraries (`net/http`, `x/net/proxy`, `httpproxy`) misinterpret IPv6 zone identifiers (the part after `%25` in a bracketed URL host) when matching hostnames against `NO_PROXY` rules.
This allows an attacker to craft a host like `[::1%25.example.com]:80`, which wrongly matches `.example.com` and **bypasses the configured proxy**, sending the request directly.

---

### ⚠️ Severity:

* **CVSS 3.1**: 4.4 (Medium)
* Some distributions (like Amazon Linux) rate it higher, up to **6.5**, due to remote exploit potential.

---

### 🎯 Affected Components:

* **Go programming language**: versions before **1.24.1** and **1.23.7**
* **golang.org/x/net** modules (like `httpproxy`): before **v0.36.0**
* Linux distros packaging these versions, e.g., Ubuntu, Debian, Alpine, Amazon Linux, SUSE

---

### 🧨 Exploit Scenario:

An attacker could:

* Exploit the mismatch in proxy matching
* Perform **SSRF** (Server-Side Request Forgery)
* Reach internal services that should be protected by a proxy

---

### ✅ Mitigation Steps:

1. **Upgrade Go** to at least **1.24.1** or **1.23.7**
2. **Update x/net libraries** to **v0.36.0 or newer**
3. **Rebuild containers or software** that were built with older Go versions
4. **Audit proxy bypass settings** (`NO_PROXY`) to detect misuse of `%25` and zone identifiers

---

### 🧩 Technical Insight:

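* `%25` is the URL-encoded form of `%`, the character that separates an IPv6 address from its zone identifier, as in `[fe80::1%eth0]`.
* Affected Go versions treat the zone identifier as part of the hostname, so a zone that ends in `.example.com` is misclassified as matching a `NO_PROXY` domain rule.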

---

### 📌 Summary:

While rated "medium", this vulnerability becomes more serious in environments relying on strict proxy rules (e.g., cloud environments, zero-trust networks). Immediate patching and review of `NO_PROXY` behavior are highly recommended.


---

### 🕷️ Vulnerability Details:


The PoC exploits a vulnerability in the `golang.org/x/net/http/httpproxy` package, specifically in the way it parses IPv6 zone identifiers when matching against `NO_PROXY` rules.


The payload used is:

```
[::1%25.example.com]:7777
```
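
A simplified model of the matching flaw beside a stricter check and an audit helper, added here as an example (it is not the PoC's `CVE-2025-22870.go` and not the upstream patch). All function names, rules and sample hosts are assumptions; `::1%.example.com` is the payload's host with `%25` decoded to `%`.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// naiveMatch is a simplified model of the flawed check: the NO_PROXY domain
// pattern is compared against the raw host string, zone identifier included.
func naiveMatch(host, pattern string) bool {
	p := strings.TrimPrefix(strings.ToLower(pattern), "*")
	if !strings.HasPrefix(p, ".") {
		p = "." + p
	}
	h := strings.ToLower(host)
	return h == p[1:] || strings.HasSuffix(h, p)
}

// zoneOf returns the zone identifier of an IPv6 literal, or "" otherwise.
func zoneOf(host string) string {
	addr, _ := netip.ParseAddr(host) // zero Addr on error; its Zone() is ""
	return addr.Zone()
}

// strictMatch never compares an IP literal (with or without a zone) against
// a domain pattern; only real hostnames reach the suffix comparison.
func strictMatch(host, pattern string) bool {
	_, err := netip.ParseAddr(host)
	return err != nil && naiveMatch(host, pattern)
}

// bypassCandidate flags hosts for audit: an IP literal whose zone identifier
// alone makes it satisfy a NO_PROXY rule under the naive comparison.
func bypassCandidate(host string, noProxy []string) bool {
	for _, p := range noProxy {
		if zoneOf(host) != "" && naiveMatch(host, p) {
			return true
		}
	}
	return false
}

func main() {
	rules := []string{"localhost", "*.example.com"} // constructed NO_PROXY entries
	for _, h := range []string{"api.example.com", "::1%.example.com", "fe80::1%eth0"} {
		fmt.Printf("%-18s naive=%-5v strict=%-5v flag=%v\n", h, naiveMatch(h, rules[1]), strictMatch(h, rules[1]), bypassCandidate(h, rules))
	}
}
```

`bypassCandidate` can be run over hosts taken from request logs or configuration as part of the `NO_PROXY` audit in the mitigation steps.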

---

### ⚠️ Disclaimer:

> This content is shared **for educational and informational purposes only** 🧠.
> Any demonstrations, examples, or technical descriptions provided are intended to help developers, system administrators, and security professionals understand the nature of the vulnerability and how to protect against it 🛡️.
> **Do not use this information for unauthorized or malicious activities.**
> Misuse of such knowledge may violate laws and lead to serious consequences 🚫.
> Always act ethically and within legal boundaries ⚖️.


File snapshot

```
[4.0K] /data/pocs/31457fcc7897dfbb349ccf9d3fe4ba8b86f91a9f
├── [ 397] CVE-2025-22870.go
└── [2.6K] README.md

0 directories, 2 files
```