CVE-2025-55763 PoC — CivetWeb 安全漏洞

Source

https://github.com/krispybyte/CVE-2025-55763

Associated Vulnerability

Title:CivetWeb 安全漏洞 (CVE-2025-55763)
Description:CivetWeb是开源（Civetweb）的一个易于使用、功能强大、可嵌入 C/C++ 的 Web 服务器，具有可选的 CGI、SSL 和 Lua 支持。 CivetWeb 1.14至1.16版本存在安全漏洞，该漏洞源于URI解析器存在缓冲区溢出，可能导致远程代码执行。

Description

Heap overflow PoC for CivetWeb CVE-2025-55763

Readme

## CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14-1.16 (latest as of yet).

## Vulnerable code
The crash occurs on [line 15599 of src/civetweb.c](https://github.com/civetweb/civetweb/blob/master/src/civetweb.c#L15599).

## Fix
See the [pull request](https://github.com/civetweb/civetweb/pull/1347).

## PoC
The PoC crashes the server performing an heap overflow, however it is possible to achieve remote code execution by crafting an exploit for this vulnerability.

`cat http_request_crash_input.txt | nc 127.0.0.1 8080`

File Snapshot


 [4.0K]  /data/pocs/6fd38bbf2f6f61fe82feaeb7ffd84c20997498e4
├── [ 11K]  http_request_crash_input.txt
└── [ 541]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!