WRITEUP
Exploit for CVE-2025-4552 - Continew Admin < 3.6.0 - Password Reset Weakness
AI Analysis

This writeup details two vulnerabilities in continew-admin v3.6.0: a stored XSS reachable through HTML file upload, and a privilege escalation flaw that allows the super administrator's password to be reset. It includes technical descriptions, the affected components, and step-by-step PoCs with the HTTP requests used.
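The two weakness classes named above (an upload endpoint that lets a victim's browser render attacker-supplied HTML, and a password-reset flow that does not compare the caller's privilege with the target account's) both come down to a missing server-side check. The following is an added illustration, not code from continew-admin or from this writeup: it shows, in plain Python, the two checks a hardened application would apply. Every name in it (`upload_is_active_content`, `safe_response_headers`, `Account`, `can_reset_password`, the role levels) is an assumption made for the example and does not correspond to identifiers in the project.

```python
import os
import re
from dataclasses import dataclass

# --- Check 1: stored XSS via file upload ----------------------------------
# Extensions a browser will render as active content if served inline.
ACTIVE_CONTENT_EXT = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".xml"}

# Byte patterns that identify HTML/SVG regardless of the claimed extension
# (deliberately conservative: a false positive costs an upload, a false
# negative costs an account).
ACTIVE_MARKERS = re.compile(
    rb"<\s*(script|html|svg|iframe|body)\b|\bon\w+\s*=|javascript:", re.I
)


def upload_is_active_content(filename: str, content: bytes) -> bool:
    """True if the file could run script when a victim opens it in a browser.

    Looks at both the extension and the first 4 KiB of the body, so renaming
    payload.html to avatar.png does not bypass the check.
    """
    ext = os.path.splitext(filename.lower())[1]
    if ext in ACTIVE_CONTENT_EXT:
        return True
    return ACTIVE_MARKERS.search(content[:4096]) is not None


def safe_response_headers(filename: str) -> dict:
    """Headers for serving an uploaded file without letting it become a page.

    Even if a dangerous file slipped past upload validation, forcing a
    download and a sandboxed CSP stops it from executing in the site's origin.
    """
    # Keep only characters that cannot break out of the quoted filename.
    safe_name = re.sub(r"[^\w.-]", "_", os.path.basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


# --- Check 2: password reset across privilege levels ----------------------
@dataclass(frozen=True)
class Account:
    user_id: int
    role_level: int          # assumed ordering: higher value = more privilege
    is_super_admin: bool = False


def can_reset_password(actor: Account, target: Account) -> bool:
    """Authorization rule a reset-password handler must apply to (caller, target).

    The flaw described on this page is the absence of such a rule: the handler
    trusted that anyone reaching the admin endpoint could act on any account.
    """
    # Anyone may reset their own password through the authenticated flow.
    if actor.user_id == target.user_id:
        return True
    # The super administrator's credentials are never reset by another account.
    if target.is_super_admin:
        return False
    # Otherwise the caller must strictly outrank the target; equal rank is denied.
    return actor.role_level > target.role_level


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic from the writeup.
    print(upload_is_active_content("avatar.png", b"<svg onload=alert(1)>"))   # True
    admin = Account(user_id=2, role_level=50)
    root = Account(user_id=1, role_level=100, is_super_admin=True)
    print(can_reset_password(admin, root))                                    # False
```

The upload check rejects based on content as well as extension; the header function is the defence in depth for files that are legitimately stored but must never be rendered. The reset rule is written as a pure function of the two accounts so it can be unit-tested and called from every code path that changes a credential, not only the one the PoC targets.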

Attack Type
XSS | auth_bypass
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application
T1059 - Command and Scripting Interpreter
Authors
Longlong Gong
Vulnerability
CVE-2025-4552
Continew Admin < 3.6.0 - Password Reset Weakness
MEDIUM
CVSS 5.4