## https://sploitus.com/exploit?id=F221D9DA-7DE2-565D-A5ED-CA12E7DFF4D5
# CVE-2025-4664
This repository contains a PoC for exploiting CVE-2025-4664, a vulnerability where Chromium-based browsers leak sensitive URL parameters through Link header preload requests.
# Resources
For a detailed explanation of how this exploit works, read the blog post: https://amalmurali.me/posts/cve-2025-4664e.
Watch this video to understand the flow:
<a href="https://vimeo.com/1097299035?share=copy" target="_blank"><img src="https://github.com/user-attachments/assets/ba4118f9-9df7-4713-8891-b569a354ac4b"></a>
## Files
- `target.py` - Vulnerable web application
- `idp.py` - SSO identity provider
- `attacker.py` - Malicious server that logs leaked tokens
- `templates/` - HTML templates for the demo
- `static/` - Static assets (logo, avatar, CSS)
## Setup
### Dependencies
```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
### Hosts File Configuration
Add these entries to your `/etc/hosts` file:
```
127.0.0.1 example.com
127.0.0.1 sso.example.com
127.0.0.1 attacker.test
```
### Running the Demo
Start all three servers in separate terminals (after activating the venv):
```bash
# Terminal 1: Target application
python target.py
# Terminal 2: SSO Identity Provider
python idp.py
# Terminal 3: Attacker server
python attacker.py
```
## Disclaimer
This repository is for educational purposes only. The information provided here is intended to help developers understand the vulnerability and protect their systems. Do not use this exploit maliciously or without permission. Use of this PoC is at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this information.