CVE-2025-23061 PoC — Mongoose 代码注入漏洞

Source

https://github.com/dajneem23/CVE-2025-23061

Associated Vulnerability

Title:Mongoose 代码注入漏洞 (CVE-2025-23061)
Description:Mongoose是Automattic开源的一个 MongoDB 对象建模，旨在在异步环境中工作。 Mongoose 8.9.5之前版本存在代码注入漏洞，该漏洞源于错误地使用嵌套的过滤器和populate()匹配，从而导致搜索注入。

Description

CVE-2025-23061 - Mongoose Command Injection

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!