CVE-2025-60375 PoC — Perfex CRM Security Vulnerability

Associated Vulnerability
Title: Perfex CRM Security Vulnerability (CVE-2025-60375)
Description: The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials.
Description
CVE-2025-60375 — Authentication bypass / incorrect access control in PerfexCRM < 3.3.1 (admin login)
Readme
# CVE-2025-60375
CVE-2025-60375 — Authentication bypass / incorrect access control in PerfexCRM < 3.3.1 (admin login)

## Summary
**Vulnerability type:** Incorrect Access Control — Authentication bypass  
**Affected product:** PerfexCRM < 3.3.1  
**CVE:** CVE-2025-60375 (Published)  

**Brief description:**  
The authentication mechanism in PerfexCRM versions prior to 3.3.1 fails to validate username/password parameters server-side. By sending empty username and password parameters in an intercepted login request, an attacker can bypass authentication and gain access to accounts (including admin accounts).

---

## Affected component
- Admin login / Authentication system

## Attack type
- Remote

## Impact
- Privilege escalation: true (attacker can access administrative dashboard)
- Information disclosure: true (access to account-specific data)

## Reproduction steps (as discovered)
1. Navigate to the PerfexCRM admin login page.  
2. Intercept the login request with a proxy tool (e.g., Burp Suite).  
3. Remove or empty the `username` and `password` parameters in the login request payload (send empty parameters).  
4. Forward the modified request.  
5. Refresh if needed; observe a `419 Page expired` then automatic redirect to the dashboard.  
6. The system grants access without valid credentials.

> Note: Steps above are the original discovery steps reported by Ajansha Shankar and Ahamed Yaseen.

## References
- OWASP Authentication Cheat Sheet — guidance on server-side validation and authentication controls.  
  https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

## Mitigation / Recommended fix
- Implement strict server-side validation for authentication parameters. Reject requests with missing/empty username or password and return an appropriate 4xx response.  
- Ensure session creation and authentication logic are only executed after successful credential validation.  
- Add automated tests that assert empty or missing credentials never result in a successful login.  
- Backport patches to all supported branches and publish CVE / advisory once fixed.
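
The first three recommendations above, sketched as an added example (not Perfex CRM's code and not from the advisory authors): a login handler that rejects missing or empty credentials before any lookup, creates a session only after verification succeeds, and ships with the regression inputs. The names `login`, `USERS`, `SESSIONS` and the sample account are hypothetical.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample data, not taken from any real installation.
_SALT = os.urandom(16)
USERS = {"admin@example.test": (_SALT, _hash("correct horse battery", _SALT))}
SESSIONS = {}  # session id -> username
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = (os.urandom(16), os.urandom(32))

def login(params):
    """Return (HTTP status, session id or None); fails closed on bad input."""
    username = params.get("username")
    password = params.get("password")
    # 1. Missing, non-string or empty credentials are rejected with a 4xx
    #    before any lookup or session code runs.
    if not isinstance(username, str) or not isinstance(password, str):
        return 400, None
    if not username.strip() or not password:
        return 400, None
    # 2. Verify the password in constant time against the stored hash.
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not matches or username not in USERS:
        return 401, None
    # 3. Only now is a session created.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return 200, sid

def empty_credential_cases():
    """Request bodies with the parameters removed or emptied (regression inputs)."""
    return [
        {},
        {"username": "", "password": ""},
        {"username": "admin@example.test"},
        {"username": "admin@example.test", "password": ""},
        {"username": "   ", "password": "x"},
        {"username": None, "password": None},
        {"username": [], "password": []},
    ]

def run_regression():
    """True if no empty/missing-credential case yields a session."""
    results = [login(case) for case in empty_credential_cases()]
    return all(r == (400, None) for r in results) and not SESSIONS
```

Running `run_regression()` in CI before any successful login is recorded gives the "empty credentials never log in" assertion the list asks for.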

## Discoverers / Credit
[Ahamed Yaseen](https://www.linkedin.com/in/ahamed-yaseen-a1216b93/), [Ajansha Shankar](https://www.linkedin.com/in/ajansha-shankar/)

## CVE Links
- https://www.cve.org/CVERecord?id=CVE-2025-60375
- https://www.cvedetails.com/cve/CVE-2025-60375/
- https://nvd.nist.gov/vuln/detail/CVE-2025-60375
