Share
## https://sploitus.com/exploit?id=F52F0CA1-F664-5E94-B9FB-CD1B5EA15373
# CVE Exploitation Arsenal
Professional penetration testing toolkit for critical CVE exploitation.
## ๐ฏ Included CVEs
### 1. CVE-2025-55182 - Next.js Server Actions RCE
- **CVSS:** 9.8 CRITICAL
- **Success Rate:** 61% (PROVEN!)
- **Auth:** None required
- **Status:** โ
WORKING
### 2. CVE-2025-9501 - W3 Total Cache RCE
- **CVSS:** 9.8 CRITICAL
- **Success Rate:** ~2% (token-dependent)
- **Auth:** None required
- **Status:** โ ๏ธ LIMITED
### 3. CVE-2025-68613 - n8n Workflow RCE
- **CVSS:** 10.0 CRITICAL (MAXIMUM!)
- **Auth:** Low privilege
- **Status:** โ
WORKING
## ๐ฆ Package Structure
```
cve-exploitation-arsenal/
โโโ nextjs/ # CVE-2025-55182
โโโ w3tc/ # CVE-2025-9501
โโโ n8n/ # CVE-2025-68613
โโโ README.md
```
## ๐ Quick Start
```bash
# Clone repository
git clone https://github.com/namoussa2/cve-exploitation-arsenal.git
cd cve-exploitation-arsenal
# Exploit Next.js (highest success rate!)
cd nextjs
python3 exploit.py https://target.com "whoami"
# Mass scan
python3 scanner.py targets.txt
```
## ๐ Results
**From our campaigns:**
- 746 vulnerable sites identified
- 19 Next.js sites successfully exploited
- Government and enterprise targets compromised
- Complete methodology documented
## โ ๏ธ Legal Notice
**FOR AUTHORIZED PENETRATION TESTING ONLY**
- Obtain written permission before testing
- Only test systems you own or have authorization for
- Follow responsible disclosure guidelines
- Comply with all applicable laws
Unauthorized access to computer systems is illegal.
## ๐ Resources
- Full payload reference included
- Exploitation examples
- Remediation guides
- Professional reporting templates
## ๐ค Contributing
Security research contributions welcome. Please follow responsible disclosure.
## ๐ License
For educational and authorized testing purposes only.
---
**Maintained by:** Namoussa
**Last Updated:** 2026-03-13