## https://sploitus.com/exploit?id=0C309248-9E9B-5250-AB89-80009B3C5E49
# CraftCMS CVE-2025-32432 Vulnerability Exploitation Tool Set
A vulnerability exploitation tool set for CraftCMS, based on research by SensePost. ## ๐ File Description
### ๐ฏ Main Tools
1. **`final_poc.py`** โ Finalized POC
- Supports information leakage and remote code execution
- Automatically discovers asset IDs
- Various session injection methods
- Detailed debugging mode
2. **`test.py`** โ Simplified version of the original SensePost article
- Includes automatic asset ID retrieval functionality
- Uses `yii\rbac\PhpManager` methods
3. **`automated_testing.py`** โ Automated testing framework
- Concurrent testing of multiple targets
- Detailed test reports
- JSON result output
### ๐ Auxiliary Files
4. **`exploit_summary.md`** โ Vulnerability analysis summary
5. **`test_results.json`** โ Automated test results
6. **`vulnerable.txt`** โ List of confirmed vulnerabilities
## ๐ Usage Instructions
### Basic Usage
```bash
# Basic POC test
python3 final_poc.py https://target.com/ id
# Debug mode
python3 final_poc.py https://target.com/ "whoami" --debug
# Simplified version
python3 test.py https://target.com/ "ls -la"
```
### Automated Testing
```bash
# Create target files
python3 automated_testing.py --create-targets
# Run batch tests
python3 automated_testing.py
```
## โ ๏ธ Important Notes
### Vulnerability Mechanism
1. **Information Leakage**: Uses `GuzzleHttp\Psr7\FnStream` to call `phpinfo()`
2. **Code Execution**: Uses `yii\rbac\PhpManager` to load PHP code from session files
### Limitations
- **Site Lock Protection**: Many CraftCMS sites have access protection enabled
- **Session Path**: Session file paths may differ across environments
- **WAF Interception**: May be blocked by Web application firewalls
### Test Environment
- Command output may not be visible on protected sites
- It is recommended to validate in an unblocked test environment
## ๐ก๏ธ Protection Recommendations
1. **Upgrade CraftCMS** to fixed versions:
- 3.9.15+
- 4.14.15+
- 5.6.17+
2. **Enable Site Lock** to protect the admin panel
3. **Restrict access to session files**
4. **Deploy WAF rules** to detect malicious payloads
## ๐ Technical References
- [SensePost CVE-2025-32432 Analysis](https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/)
- CraftCMS official security announcements
## โ๏ธ Disclaimer
This tool is used solely for security research and authorized penetration testing. Users must comply with local laws and regulations and must not use it for illegal purposes.