Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-4660 PoC — Remote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe Access

Source
https://github.com/NetSPI/CVE-2025-4660
Associated Vulnerability
Title:Remote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe Access (CVE-2025-4660)
Description:A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.  This does not impact Linux or OSX Secure Connector.
Description
PoC for CVE-2025-4660 demonstrating exploitation of the Forescout SecureConnector on Windows
Readme
# Description
A PoC for CVE-2025-4660, Forescout SecureConnector RCE

## forescout_redirect.py
This is the exploit itself where you can redirect an agent to a specific IP address under the attackers control

## forescout_c2.py
A simple C2 implementation that speaks the ForeScout SecureConnector language
File Snapshot

 [4.0K]  /data/pocs/2deeeda9cd6db2e8e6c95f585573888e5ffc13d6
├── [ 11K]  forescout_c2.py
├── [2.1K]  forescout_redirect.py
├── [1.5K]  LICENSE
└── [ 306]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →