CVE-2025-48461 PoC — Weak Session Cookie Entropy

Associated Vulnerability
Title: Weak Session Cookie Entropy (CVE-2025-48461)
Description: Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute-force guessing and account takeover, as the session cookies are predictable, potentially allowing attackers to gain root, admin or user access and reset passwords.
Readme
# CVE-2025-48461
Predictable session cookies that can be brute-forced to gain unauthorized access to the Advantech WISE portal
# Summary
During examination of the Advantech WISE-4060 web portal, I discovered that the session cookies used to authenticate to the web portal follow the pattern `60D01EXXXXX`. This allows any unauthorized attacker to generate all possible permutations of the session cookies and carry out a brute-force attack against the portal to find a valid session cookie used to authenticate to the web portal.

This vulnerability was discovered during the SPIRITCYBER-24 IoT/OT Hackathon organized by CSA (Cybersecurity Agency of Singapore).

# Impact
Any unauthorized user is able to authenticate as an admin user and modify settings/firmware for the Advantech WISE-4060.
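
A defender-side check for the weakness described in the Summary, as an added example that is not part of the original README: it estimates the entropy of a set of observed session cookies from their constant prefix and variable suffix, and compares it with the 64-bit minimum from OWASP's session management guidance. The sample cookies are constructed to match the `60D01EXXXXX` pattern, and treating the `X` positions as hexadecimal is an assumption; the page does not state the character set.

```python
import math
import secrets

MIN_BITS = 64  # minimum session ID entropy in OWASP session management guidance

def alphabet_size(chars):
    """Smallest common alphabet that covers every observed character."""
    if all(c in "0123456789" for c in chars):
        return 10
    if all(c in "0123456789abcdefABCDEF" for c in chars):
        return 16
    if all(c.isascii() and c.isalnum() for c in chars):
        return 62
    return 94  # printable ASCII

def audit_tokens(samples):
    """Return (constant_prefix, estimated_bits) for equal-length session tokens."""
    if len(samples) < 2 or len({len(s) for s in samples}) != 1:
        raise ValueError("need at least two tokens of equal length")
    columns = list(zip(*samples))
    prefix_len = 0
    for column in columns:          # count leading positions that never change
        if len(set(column)) > 1:
            break
        prefix_len += 1
    variable = [c for column in columns[prefix_len:] for c in column]
    if not variable:
        return samples[0], 0.0      # every token identical
    bits = (len(columns) - prefix_len) * math.log2(alphabet_size(variable))
    return samples[0][:prefix_len], bits

def is_guessable(samples):
    """True when the estimated entropy is below the 64-bit minimum."""
    return audit_tokens(samples)[1] < MIN_BITS

def new_session_id():
    """Hardened form: 128 bits from the OS CSPRNG, hex encoded."""
    return secrets.token_hex(16)

# Constructed sample cookies matching the 60D01EXXXXX pattern (not captured data).
# Assumption: the X positions are hexadecimal.
OBSERVED = ["60D01E3A9F2", "60D01E07C41", "60D01EB5D08", "60D01E9E1A7"]

if __name__ == "__main__":
    prefix, bits = audit_tokens(OBSERVED)
    print(f"weak:     prefix={prefix!r} bits~{bits:.0f} guessable={is_guessable(OBSERVED)}")
    fresh = [new_session_id() for _ in range(8)]
    print(f"hardened: bits~{audit_tokens(fresh)[1]:.0f} guessable={is_guessable(fresh)}")
```

The estimate assumes the variable positions are uniformly random, so it overstates the real entropy if the device derives them from a counter or clock.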

# References
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/

https://www.cve.org/CVERecord?id=CVE-2025-48461

# Timeline
- 2024-08-10: Report submitted to SpiritCyber IoT Hackathon triage team
- 2024-08-20: Report accepted by triage team
- 2025-06-17: CSA SingCert assigns CVE-2025-48461
- 2025-06-24: Public disclosure