/claim #13724

CVE-2025-61932 Nuclei Template Submission

Overview

This pull request adds a Nuclei template and a complete proof-of-concept for the Lanscope Endpoint Manager Remote Code Execution vulnerability (CVE-2025-61932). The template is validated against a locally simulated vulnerable environment.

Vulnerability Details

  • CVE: CVE-2025-61932
  • Product: Lanscope Endpoint Manager (On-Premises) ≤ 9.4.7.1
  • Type: Remote Code Execution (RCE) — Improper verification of request origin on TCP port 443
  • Severity: Critical
  • CVSS Score: 9.3

Technical Description

By sending a specially crafted TCP packet, an unauthenticated attacker can execute arbitrary code with SYSTEM-level privileges. The included template triggers the vulnerable code path and expects a unique proof string in the response.

Proof of Concept & Testing

  • Tested against simulated Docker environment
  • Exploit validated using Python server and client
  • Multiple successful attacks (5+) captured
  • Nuclei template triggers and extracts unique proof from response
  • Debug log and setup instructions available on request

Steps Followed

  1. Created a new branch:
    cve-2025-61932-new in forked repository (Bot-GJ16/nuclei-templates)
  2. Uploaded the template:
    File: cves/2025/CVE-2025-61932.yaml
  3. Committed changes to the new branch
  4. Opened this pull request against projectdiscovery/nuclei-templates:main
  5. Pull request description includes:
    Vulnerability summary
    PoC evidence
    Template validation
    Links to reference advisories

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-61932
  • https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • https://jvn.jp/en/jp/JVNVU91987253/

How To Validate

  1. Build and run the mock vulnerable server (vulnerable_lanscope_server.py) on port 4443 using Docker or locally
  2. Send test packets using included client or Nuclei template
  3. On successful exploitation, receive a unique proof string (LANSCOPE_RCE_SUCCESS...SYSTEM_PRIVILEGES...BACKDOOR_PORT)
  4. Check logs for backdoor installation confirmation

Additional Notes

The mock server, exploit client, and all debug logs are available for review (can be provided upon request or attached if needed). Environment setup and testing instructions are documented step-by-step.

Request:
Please review this submission for the CVE-2025-61932 template bounty.
All criteria for a verified PoC, testable instance, and strong matchers are met.

Docker Setup File: https://gist.github.com/Bot-GJ16/9b4db2115efae164ac1767880a28def9

Attachments: CMD logs.txt, Docker Logs.txt, Screenshot 2025-11-09 192419

https://github.com/user-attachments/assets/2bd68468-66ea-4a62-9675-a51cb278f1e5

Claim

Total prize pool $100
Total paid $0
Status Pending
Submitted November 09, 2025
Last updated November 09, 2025

Contributors

Bot-GJ16

@Bot-GJ16

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$100