Share
## https://sploitus.com/exploit?id=2304888E-D711-5136-9188-D8C3C876EA64
# CVE-2025-59528 PoC

>โš ๏ธ For educational and authorized security research only.
Running this tool against systems you do not own or lack written permission to test is illegal.

Python proof of concept for CVE-2025-59528. Script logs in to target LibreChat instance, extracts auth cookies, then sends crafted request to `/api/v1/node-load-method/customMCP` to trigger command execution.

- Advisory: https://github.com/advisories/GHSA-3gcm-f6qx-ff7p

## How to use it

1. Run `python3 poc.py`
2. Enter target URL or IP when prompted
3. Enter valid email and password
4. Enter command to execute on target

Example:

```text
$ python3 poc.py
Machine URL/IP: https://target.example
Email: user@example.com
Password: password123
Command (space acceptable): id
```

## Notes

- Use only against systems you own or have permission to test.
- Script supports `http` or `https`.
- If URL has no scheme, script asks for protocol.