id: CVE-2025-56266

info:
  name: Avigilon ACM - Host Header Injection
  author: DhiyaneshDK
  severity: medium
  description: |
    A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
  impact: |
    Attackers can execute arbitrary code remotely by supplying crafted URLs, potentially compromising the system.
  remediation: |
    Update to the latest version.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-56266
    - https://github.com/nikolas-ch/CVEs/tree/main/AvigilonACM_v7.10.0.20/HostHeaderInjection
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,vuln,avigilon

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Avigilon", "Access Control Manager")'
        internal: true

  - raw:
      - |
        GET / HTTP/1.1
        Host: {{randstr}}.tld

    matchers-condition: and
    matchers:
      - type: word
        part: location
        words:
          - '{{randstr}}.tld'

      - type: status
        status:
          - 302
# digest: 4b0a00483046022100ab9086a31079817a857dd57dc3bfc748d99d40262d93e75e1210c7a3903a5b3d022100bfa7d91ff26979bd714b0462a73c0c48c9e985d12bdb2a0b52b58adfa9c94991:922c64590222798bb761d5b6d8e72950
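As an added, defender-oriented illustration (not part of the template above and not Avigilon's code): the redirect-building pattern the second request probes for, beside an allowlist-based hardened form, plus a Python equivalent of the template's status-and-Location matchers run over a constructed response. The allowlist entry and the sample response are assumptions, not values from the advisory.

```python
# Hostnames this deployment is legitimately served under (constructed sample
# allowlist, not taken from the advisory).
ALLOWED_HOSTS = {"acm.example.internal"}


def build_redirect_vulnerable(host_header: str, path: str = "/") -> str:
    """Pattern the template probes for: the client-supplied Host header is
    trusted and copied straight into an absolute redirect URL."""
    return f"https://{host_header}{path}"


def build_redirect_hardened(host_header: str, path: str = "/") -> str:
    """Only build an absolute URL for an allowlisted host; for anything else
    fall back to a relative Location so an unexpected Host is never echoed."""
    host = host_header.strip().lower()
    # Drop an explicit port so "acm.example.internal:443" still matches.
    if host.count(":") == 1:
        host = host.rsplit(":", 1)[0]
    if host in ALLOWED_HOSTS:
        return f"https://{host}{path}"
    return path


def redirect_reflects_host(raw_response: bytes, injected_host: str) -> bool:
    """Equivalent of the template's second-request matchers (condition 'and'):
    status 302 AND a Location header containing the injected host."""
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status_parts = lines[0].split()
    is_302 = len(status_parts) >= 2 and status_parts[1] == "302"
    location = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return is_302 and injected_host.lower() in location.lower()


# Constructed sample of what a vulnerable build would answer to
# "Host: abc123.tld" (not captured from a real device).
SAMPLE_VULNERABLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://abc123.tld/login\r\n"
    b"Content-Length: 0\r\n\r\n"
)
```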