Exploit for CVE-2025-1974

Name: Exploit for CVE-2025-1974
Rating: 5 (118 reviews)
2025-05-06 | CVSS 9.8
## https://sploitus.com/exploit?id=C803D4DE-6E36-592F-8379-672B50C41212
# CVE-2025-1974_IngressNightmare

# poc IngressNightmare Script

A Python script to automate sending JSON payloads to a list of IPs via `curl`, capturing responses and splitting them into success and failure XML reports.

## Features

* Sends HTTPS `POST` requests with a JSON payload to multiple IP addresses.
* Configurable JSON payload file, port, timeout, delay between requests.
* Cleans and captures `curl` stderr (removes progress meter noise).
* Classifies requests as **success**, **failed**, **timeout**, or **error** based on return code and HTTP status.
* Generates two XML reports:

  * **Success** report containing all successful requests.
  * **Failure** report containing all failed, timed out, or errored requests.
* Detailed per-request logging to the console.

## Prerequisites

* Python 3.6+
* `curl` installed on your system and available in `PATH`.
* (Optional) Access to modify firewall or network settings to allow outbound HTTPS.

## Installation

1. Clone the repository or download the script:

   ```bash
   git clone https://github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC.git
   cd autorun
   ```
2. Ensure the script is executable (optional):

   ```bash
   chmod +x poc.py
   ```

## Usage

```bash
python3 poc.py [OPTIONS] <ip_list_file>
```

### Positional Argument

* `<ip_list_file>`: Path to a text file containing one IP address per line.

### Options

| Option                     | Description                                             | Default           |
| -------------------------- | ------------------------------------------------------- | ----------------- |
| `-h, --help`               | Show this help message and exit                         | —                 |
| `-j, --json <file>`        | JSON payload filename to send (with `@` syntax)         | `poc.json`        |
| `-p, --port <port>`        | Target port on each IP                                  | `8443`            |
| `-t, --timeout <seconds>`  | Timeout in seconds for each `curl` call                 | `15`              |
| `-d, --delay <seconds>`    | Delay in seconds between successive requests            | `1.0`             |
| `-s, --success <filename>` | Output XML filename for successful requests             | `4-3_Success.xml` |
| `-f, --failure <filename>` | Output XML filename for failed/timeouted/error requests | `4-3_Failure.xml` |

## Examples

1. **Basic run** with defaults:

   ```bash
   python3 poc.py ips.txt
   ```

   Sends `poc.json` to each IP on port `8443`, waits up to 15s, delays 1s between calls, writes `4-3_Success.xml` and `4-3_Failure.xml`.

2. **Custom payload and port**:

   ```bash
   python3 poc.py -j payload.json -p 9443 ips.txt
   ```

3. **Shorter timeout and faster requests**:

   ```bash
   python3 poc.py -t 5 -d 0.5 ips.txt
   ```

4. **Custom report filenames**:

   ```bash
   python3 poc.py -s success_report.xml -f error_report.xml ips.txt
   ```

## Output

* **Console**: Live logs for each request with IP, status, and error message if any.
* **XML files**: Structured reports with details of every request, suitable for parsing or integration.

## License

This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.

---

*Generated by Autorun script template.*