## https://sploitus.com/exploit?id=BDD2BFB9-2490-558F-B2CE-A14B786899D3
# CVE-2025-0133
Palo Alto PAN-OS reflected XSS in the GlobalProtect gateway and portal
`getconfig.esp` handler. The `user` query parameter is reflected unencoded
into the Captive Portal page; an attacker who lures an authenticated
GlobalProtect user to a crafted link can execute JavaScript in the trust
context of the corporate VPN portal, which makes phishing campaigns far more
effective.
Disclosed May 2025. Patched in PAN-SA-2025-0005. Discovered by
[XBOW](https://xbow.com/), Anthropic's autonomous bug-hunting agent. This
toolkit is a port of the validation pipeline originally built for
CVE-2020-3580 โ same architecture, different endpoint, different parameter,
five years of CVEs apart.
This repo contains:
- `xss.html` โ the human-verifiable PoC; edit `TARGET_HOST` and open in a
browser to see the prompt fire.
- `src/` โ a discovery + scope-aware validation pipeline.
- `docs/` โ methodology and ethics.
## What the pipeline does
```
โโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ Shodan โ โ โ scope match โ โ โ canary check โ โ โ MD report โ
โ (3 dorks)โ โ (H1, BC, +) โ โ (no JS exec) โ โ drafts โ
โโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
```
Each stage writes an inspectable JSON artifact and runs independently.
The validator does **not** fire `prompt()`. It GETs `/ssl-vpn/getconfig.esp`
with a unique canary string in the `user` parameter and grades the response
body. Confirmed hits get a Markdown draft with the original `xss.html`
referenced for the program reviewer to verify in their own browser.
## Setup
```bash
git clone https://github.com/cruxN3T/CVE-2025-0133
cd CVE-2025-0133
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp creds.env.example creds.env
$EDITOR creds.env # add your Shodan key, optionally H1/BC tokens
```
`creds.env` is gitignored. The `.gitignore` blocks any file matching `*.env`
(except `*.env.example`), plus `data/` and `reports/` to keep target lists
and validation excerpts off the public repo.
## Usage
End-to-end:
```bash
python -m src.pipeline run
```
Or stage-by-stage:
```bash
python -m src.pipeline discover # Shodan โ data/shodan_hits.json
python -m src.pipeline scope # match โ data/in_scope.json
python -m src.pipeline validate # canary โ data/validation.json
python -m src.pipeline report # โ reports/__CVE-2025-0133.md
```
The `scope` stage works without any API keys โ it pulls from
`arkadiyt/bounty-targets-data`. Adding `H1_USERNAME` + `H1_API_TOKEN` to
`creds.env` and running `H1_LIVE=true python -m src.pipeline scope` augments
that with fresh data from the HackerOne Hacker API (slower; only useful if
you suspect a program brief changed today).
## Configuration
Everything lives in `creds.env`. See `creds.env.example` for the full list.
The two knobs worth knowing:
- `SCOPE_PLATFORMS` โ comma-separated. Defaults to `hackerone,bugcrowd`. Add
`intigriti` and `yeswehack` if you want broader coverage.
- `TARGET_RPM` โ per-host requests per minute. Default 10. Don't raise this
without a reason.
## Read these before running it
- [`docs/ETHICS.md`](docs/ETHICS.md) โ what scope match does and doesn't
authorize, and what the validator deliberately does not do.
- [`docs/METHODOLOGY.md`](docs/METHODOLOGY.md) โ how reflection grading
works and why each stage exists.
## Notes on this CVE specifically
- **Severity is medium, not critical.** This is reflected XSS requiring
user interaction. CVSS 4.0 base of 5.1, up to 6.9 with Clientless VPN
enabled. Programs accept it but expect lower payouts than RCE-class.
- **Third-party software exclusion is a real concern.** Many programs
explicitly exclude vendor n-days from scope or redirect to vendor PSIRT.
Read each program brief before validating, even after scope match.
- **Mass-scanning competition is real.** A public Nuclei template for
CVE-2025-0133 exists; every hunter has been scanning since June 2025.
Your edge is in coverage of programs others have skipped (smaller VDPs,
recently-launched programs, regional programs) and in well-presented
reports that triagers can confirm fast.
## What this repo is not
Not a mass-exploitation tool. Not a substitute for reading the program
brief on the platform before you submit. The scope matcher is a starting
point; the policy text is the contract.
## License
MIT. See [`LICENSE`](LICENSE).