CVE-2025-61666 PoC — Traccar 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-61666.yaml

Associated Vulnerability

Title:Traccar 安全漏洞 (CVE-2025-61666)
Description:Traccar是美国Traccar公司的一个基于Java的可提供GPS跟踪功能的建站系统。该软件支持170多种GPS协议和1500多种型号的GPS跟踪设备。Traccar可以与任何主要的SQL数据库系统一起使用。它还提供了易于使用的REST API。 Traccar 6.1版本至6.8.1版本和5.8版本至6.0版本存在安全漏洞，该漏洞源于未经验证的文件包含，可能导致密码泄露或任意文件读取。

Description

Traccar 5.8-6.0 (non-default installs with web.override set) and 6.1-6.8.1 (default installs) contain a local file inclusion vulnerability caused by enabled web override configuration, letting unauthenticated attackers leak arbitrary files including passwords, exploit requires local access.

File Snapshot


 id: CVE-2025-61666

info:
  name: Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion
  author: secur

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!