CVE-2025-55763 PoC — CivetWeb Security Vulnerability

Source
Associated Vulnerability
Title: CivetWeb Security Vulnerability (CVE-2025-55763)
Description: Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
Description
Heap overflow PoC for CivetWeb CVE-2025-55763
Readme
## CVE-2025-55763
Buffer overflow in the URI parser of CivetWeb 1.14-1.16 (the latest release so far).

## Vulnerable code
The crash occurs on [line 15599 of src/civetweb.c](https://github.com/civetweb/civetweb/blob/master/src/civetweb.c#L15599).

## Fix
See the [pull request](https://github.com/civetweb/civetweb/pull/1347).

## PoC
The PoC crashes the server by triggering a heap overflow; however, it is possible to achieve remote code execution by crafting an exploit for this vulnerability.

`cat http_request_crash_input.txt | nc 127.0.0.1 8080`

File Snapshot

[4.0K] /data/pocs/6fd38bbf2f6f61fe82feaeb7ffd84c20997498e4
├── [ 11K] http_request_crash_input.txt
└── [ 541] README.md

0 directories, 2 files