CVE-2022-31125

CRITICAL

roxy-wi < 6.1.1.0 - Unauthenticated Authentication Bypass via Crafted HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31125. The PoC was published by Nuri Çilengir.

AI-analyzed exploit summary: The exploit demonstrates an improper authentication control (CWE-287) in Roxy-WI v6.1.0.0 by sending a crafted POST request to /app/options.py. The request carries specific parameters that make the endpoint return log entries without any session or authorization check, so the authentication layer is bypassed entirely.

Description

Roxy-wi is an open source web interface for managing HAProxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and reach admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
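
Two things a defender wants from the summary and description above: a check that an inventoried Roxy-wi build falls in the affected range (anything before 6.1.1.0), and a hunt over access logs for the request pattern the public PoC uses (an unauthenticated POST to /app/options.py that is answered with 200 instead of a redirect to login). The block below is an added example, not code from the Roxy-wi project or from the exploit author. It assumes JSON-lines access logs with the fields remote_addr, method, uri, status and cookie (the raw Cookie header, empty when absent), and an assumed management subnet of 10.0.0.0/8; the sample log lines are constructed, and no Roxy-wi cookie name or PoC parameter is relied on.

```python
"""Added example for CVE-2022-31125 (not Roxy-wi project code).

Assumptions (not from the advisory or the PoC):
  * access logs are JSON lines with remote_addr, method, uri, status, cookie
  * the admin console is normally reached only from MANAGEMENT_NETS
"""
import ipaddress
import json
from typing import Iterable, List, Tuple

FIXED_VERSION = (6, 1, 1, 0)          # first fixed release per the advisory
EXPLOITED_PATH = "/app/options.py"    # endpoint the public PoC posts to
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed admin subnet


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn 'v6.1.0.0' or '6.1' into a 4-tuple, padding missing parts with 0."""
    nums = []
    for part in text.strip().lstrip("vV").split(".")[:4]:
        digits = "".join(ch for ch in part if ch.isdigit())
        nums.append(int(digits) if digits else 0)
    while len(nums) < 4:
        nums.append(0)
    return tuple(nums)  # type: ignore[return-value]


def is_affected(version: str) -> bool:
    """True for any release before 6.1.1.0, the advisory's affected range."""
    return parse_version(version) < FIXED_VERSION


def outside_management(addr: str) -> bool:
    """True when the client is not in an assumed admin subnet (or unparsable)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in MANAGEMENT_NETS)


def find_unauthenticated_hits(lines: Iterable[str]) -> List[dict]:
    """Return records matching the PoC's pattern: a POST to /app/options.py
    with no Cookie header at all that still got a 200. With no session
    material present, a 200 here is the bypass the advisory describes."""
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the hunt
        path = str(rec.get("uri", "")).split("?", 1)[0]
        if rec.get("method") != "POST" or path != EXPLOITED_PATH:
            continue
        if rec.get("cookie"):          # some session material present: not this pattern
            continue
        if int(rec.get("status", 0)) != 200:
            continue
        hits.append({
            "time": rec.get("time"),
            "remote_addr": rec.get("remote_addr"),
            "external": outside_management(str(rec.get("remote_addr", ""))),
        })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """
{"time":"2026-02-18T10:00:01Z","remote_addr":"10.0.0.5","method":"GET","uri":"/app/login.py","status":200,"cookie":""}
{"time":"2026-02-18T10:00:07Z","remote_addr":"10.0.0.5","method":"POST","uri":"/app/options.py","status":200,"cookie":"uuid=abc; group=1"}
{"time":"2026-02-18T10:03:22Z","remote_addr":"203.0.113.9","method":"POST","uri":"/app/options.py","status":200,"cookie":""}
{"time":"2026-02-18T10:03:25Z","remote_addr":"203.0.113.9","method":"POST","uri":"/app/options.py?x=1","status":200,"cookie":""}
{"time":"2026-02-18T10:04:00Z","remote_addr":"198.51.100.4","method":"POST","uri":"/app/options.py","status":302,"cookie":""}
not json at all
"""

if __name__ == "__main__":
    for v in ("6.1.0.0", "v6.0.9.9", "6.1.1.0", "6.2"):
        print(v, "affected" if is_affected(v) else "fixed")
    for hit in find_unauthenticated_hits(SAMPLE_LOG.splitlines()):
        print(hit)
```

The cookie test is deliberately coarse: it does not depend on Roxy-wi's session cookie names, only on the absence of any Cookie header, which is how a scripted PoC typically arrives. Requests that carry a cookie but still should not have been authorised are not caught by this rule and need the application's own audit log.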

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Nuri Çilengir · webapps · python
https://www.exploit-db.com/exploits/51226

Classification
Working PoC: 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Roxy WI <= v6.1.0.0
Authentication: none needed
Prerequisites: Network access to the target application
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 10.0
EPSS: 0.1593
EPSS Percentile: 96.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-287
Status: published
Products (1): roxy-wi/roxy-wi < 6.1.1.0
Published: Jul 06, 2022
Tracked Since: Feb 18, 2026