Share
## https://sploitus.com/exploit?id=F221D9DA-7DE2-565D-A5ED-CA12E7DFF4D5
# CVE-2025-4664
This repository contains a PoC for exploiting CVE-2025-4664, a vulnerability where Chromium-based browsers leak sensitive URL parameters through Link header preload requests.

# Resources

For a detailed explanation of how this exploit works, read the blog post: https://amalmurali.me/posts/cve-2025-4664e.

Watch this video to understand the flow: 




<a href="https://vimeo.com/1097299035?share=copy" target="_blank"><img src="https://github.com/user-attachments/assets/ba4118f9-9df7-4713-8891-b569a354ac4b"></a>

## Files

- `target.py` - Vulnerable web application
- `idp.py` - SSO identity provider
- `attacker.py` - Malicious server that logs leaked tokens
- `templates/` - HTML templates for the demo
- `static/` - Static assets (logo, avatar, CSS)

## Setup

### Dependencies

```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

### Hosts File Configuration

Add these entries to your `/etc/hosts` file:

```
127.0.0.1 example.com
127.0.0.1 sso.example.com  
127.0.0.1 attacker.test
```

### Running the Demo

Start all three servers in separate terminals (after activating the venv):

```bash
# Terminal 1: Target application
python target.py

# Terminal 2: SSO Identity Provider  
python idp.py

# Terminal 3: Attacker server
python attacker.py
```

## Disclaimer

This repository is for educational purposes only. The information provided here is intended to help developers understand the vulnerability and protect their systems. Do not use this exploit maliciously or without permission. Use of this PoC is at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this information.