
CVE-2025-23167 PoC — Node.js Security Vulnerability

Associated Vulnerability
Title: Node.js Security Vulnerability (CVE-2025-23167)
Description: A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
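As an added illustration (not code from the PoC repository or from Node.js), the following Node.js function applies the strict terminator rule the description refers to: it accepts a header block only when it ends in `\r\n\r\n` and flags the lenient `\r\n\rX` case, which is the kind of check a reverse proxy or a log-replay tool would apply to spot a front-end/back-end disagreement; the two sample requests are constructed.

```javascript
// Added example, not part of the CVE-2025-23167 PoC repository.
// RFC 9112 requires an HTTP/1 header block to end with CRLF CRLF. A parser
// that also accepts "\r\n\r" followed by some other byte (the llhttp
// behaviour described above) can disagree with a strict front-end proxy
// about where one request ends and the next begins.

const CR = 0x0d;
const LF = 0x0a;

/**
 * Inspect raw request bytes and classify how the header block ends.
 * Returns { status, offset }:
 *   'ok'         - "\r\n\r\n" found; offset is where it starts
 *   'malformed'  - "\r\n\r" followed by a byte other than "\n"
 *   'incomplete' - no terminator yet (wait for more bytes)
 */
function checkHeaderTermination(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  for (let i = 0; i + 2 < buf.length; i++) {
    if (buf[i] !== CR || buf[i + 1] !== LF || buf[i + 2] !== CR) continue;
    // "\r\n\r" seen: the next byte decides the verdict.
    if (i + 3 >= buf.length) return { status: 'incomplete', offset: i };
    if (buf[i + 3] === LF) return { status: 'ok', offset: i };
    return { status: 'malformed', offset: i };
  }
  return { status: 'incomplete', offset: -1 };
}

/**
 * Split a request into header block and body only when the terminator is
 * strict; return null for malformed or incomplete input so that a caller
 * rejects the request instead of guessing where it ends.
 */
function splitStrict(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  const r = checkHeaderTermination(buf);
  if (r.status !== 'ok') return null;
  return {
    headers: buf.subarray(0, r.offset).toString('latin1'),
    body: buf.subarray(r.offset + 4),
  };
}

// Constructed sample inputs (not captured traffic).
const WELL_FORMED = 'GET / HTTP/1.1\r\nHost: example.test\r\n\r\n';
const MALFORMED = 'GET / HTTP/1.1\r\nHost: example.test\r\n\rXtrailing-bytes';

for (const sample of [WELL_FORMED, MALFORMED]) {
  console.log(JSON.stringify(sample), '->', checkHeaderTermination(sample));
}
```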
Description
Working exploit for CVE-2025-23167 – HTTP request smuggling in vulnerable Node.js 20.x versions before 20.19.2
Readme
# CVE-2025-23167 – Node.js HTTP Request Smuggling Exploit

Working exploit for CVE-2025-23167, a request smuggling vulnerability affecting Node.js 20.x versions prior to v20.19.2. This bug allows improper HTTP header termination, enabling attackers to bypass proxy-based access controls.

## Files
- exploit.py – Python 3 exploit for the vulnerability.
- lab.js – Simple Node.js server that simulates a vulnerable environment.

## Usage

### Exploit
To run the exploit script:
- Run `python3 exploit.py <target-domain-or-ip> <port>`

### Sample Input & Output
![Sample Input & Output](./sample.png)

### Lab Setup
To set up the test environment:
- Make sure you're using Node.js v20.19.1 or below.
- Install express (`npm install express`).
- Run `node lab.js` to start the server.
- The server will be available at http://localhost:8989 (or your chosen port).
File Snapshot

[4.0K] /data/pocs/7c571bdbde9ddaf6f6ad12e82b65482d43d0ec6a
├── [1.4K] exploit.py
├── [ 903] lab.js
├── [ 874] README.md
└── [744K] sample.png

0 directories, 4 files