
CVE-2025-60375 PoC — Perfex CRM Security Vulnerability

Associated Vulnerability
Title: Perfex CRM Security Vulnerability (CVE-2025-60375)
Description: The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials.
Readme
# CVE-2025-60375 — PerfexCRM Authentication Bypass

**Advisory ID:** perfexcrm-auth-bypass-2025  
**CVE:** CVE-2025-60375  
**Product:** PerfexCRM  
**Affected versions:** versions prior to 3.3.1 (< 3.3.1)  
**Reported by:** Ajansha Shankar, Ahamed Yaseen  
**References:** OWASP Authentication Cheat Sheet — https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

---

## Summary
An authentication bypass exists in the admin login mechanism of PerfexCRM prior to version 3.3.1. The server's authentication workflow does not sufficiently validate the presence and contents of username/password parameters. An attacker who manipulates the login request to supply empty username and password parameters may be granted access to user accounts, including administrative accounts.

---

## Impact
- Unauthorized access to user accounts (including admin).  
- Potential full compromise of the application and sensitive data exposure.  
- Remote exploitation — an attacker only needs the ability to send HTTP requests to the login endpoint.

---

## Technical details & reproduction
1. Intercept the POST request sent to the admin login endpoint (e.g., `/admin/auth/login`).  
2. Remove or set `username` and `password` fields to empty values in the request body.  
3. Forward the modified request. The server may respond with `419 Page expired` on refresh, but it redirects to the dashboard and provides an authenticated session without valid credentials.

**Root cause (summary):** insufficient server-side validation and improper control flow that allows session or application logic to mark the request as authenticated even with missing credentials.

---

## Mitigation / Remediation
- Fix server-side authentication: reject requests missing username or password with an explicit 4xx error (e.g., 400/401).  
- Ensure session creation and privilege assignment only happen after successful credential verification.  
- Add unit and integration tests to validate behavior against empty/missing credential values.  
- Consider adding rate limiting and monitoring for suspicious login attempts while the fix is deployed.
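The following is an added illustration of the remediation points above, not PerfexCRM's code and not the vendor's patch: a hypothetical `login()` handler that rejects missing or empty credentials with a 400 before any lookup, verifies the password with a constant-time comparison, creates a session and assigns a role only after verification succeeds, and feeds failures into a per-IP sliding-window `FailureTracker` that can drive both rate limiting (429) and monitoring. The user store, salt, iteration count, and all names are assumptions constructed for the demo.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Optional
import hashlib
import hmac
import secrets

# Constructed demo user store (username -> password hash and role); an assumed
# structure for this example, not PerfexCRM's database schema.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 50_000  # kept low for the demo; production would use a stronger setting


def _hash_password(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


USERS: Dict[str, dict] = {
    "admin": {"pw_hash": _hash_password("correct-horse-battery"), "role": "admin"},
}
# Hash compared against when the username is unknown, so that an unknown user and a
# wrong password take the same time (avoids a username-enumeration timing oracle).
_DUMMY_HASH = _hash_password("not-a-real-password")


@dataclass
class LoginResult:
    status: int              # HTTP status the handler would send
    session: Optional[dict]  # populated only after successful verification


class FailureTracker:
    """Sliding-window count of failed logins per client IP, used both to
    rate-limit and as the signal a monitoring rule would alert on."""

    def __init__(self, limit: int = 5, window_seconds: float = 300.0) -> None:
        self.limit = limit
        self.window = window_seconds
        self._failures = defaultdict(deque)

    def _prune(self, ip: str, now: float) -> None:
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def record_failure(self, ip: str, now: float) -> None:
        self._prune(ip, now)
        self._failures[ip].append(now)

    def is_blocked(self, ip: str, now: float) -> bool:
        self._prune(ip, now)
        return len(self._failures[ip]) >= self.limit


def login(params: dict, client_ip: str, now: float, tracker: FailureTracker) -> LoginResult:
    """Hypothetical hardened login handler: presence check first, then credential
    verification, and a session only after that succeeds."""
    username = params.get("username")
    password = params.get("password")

    # 1. Missing or empty credentials are rejected outright with a 4xx, so nothing
    #    downstream can treat this request as authenticated.
    if not isinstance(username, str) or not isinstance(password, str):
        return LoginResult(400, None)
    if username.strip() == "" or password == "":
        return LoginResult(400, None)

    # 2. Throttle clients that have exhausted their failure budget.
    if tracker.is_blocked(client_ip, now):
        return LoginResult(429, None)

    # 3. Verify the credential with a constant-time comparison.
    user = USERS.get(username)
    expected = user["pw_hash"] if user is not None else _DUMMY_HASH
    if not hmac.compare_digest(_hash_password(password), expected) or user is None:
        tracker.record_failure(client_ip, now)
        return LoginResult(401, None)

    # 4. Only here, after verification, is a session created and a role assigned.
    session = {"sid": secrets.token_hex(16), "user": username, "role": user["role"]}
    return LoginResult(302, session)
```

The ordering is the point: the empty-credential check runs before any database lookup or session code, and the session dictionary does not exist on any code path that did not pass step 3, which is the property the integration tests in the list above should assert for empty, missing, and non-string parameter values.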

---

## Suggested CVSS (example)
- CVSS v3.1 (example): **7.8 (High)** — AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N  
> Note: This is an estimated vector for triage. Provide a precise CVSS vector after coordinated disclosure.

---

## Contact / Credit
- Reported by: Ajansha Shankar and Ahamed Yaseen

## Reference
- https://www.cve.org/CVERecord?id=CVE-2025-60375
- https://www.tenable.com/cve/CVE-2025-60375
File Snapshot

[4.0K] /data/pocs/4dbc4b83e2db2d4aaa891156796ce57c8a072156
└── [2.5K] README.md

1 directory, 1 file