CVE-2025-29705

MEDIUM

code-gen <= 2.0.6 - Unauthenticated Incorrect Access Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-29705. PoCs published by yxzrw.

AI-analyzed exploit summary This repository documents CVE-2025-29705, an information disclosure vulnerability in the 'code-gen' tool due to lack of authentication, allowing unauthorized access to database credentials. The writeup includes FOFA search syntax and screenshots demonstrating the exposure of database connection details.

Description

code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.

Exploits (1)

nomisec WRITEUP

by yxzrw · poc

https://github.com/yxzrw/CVE-2025-29705

View Code ZIP pw:eip

This repository documents CVE-2025-29705, an information disclosure vulnerability in the 'code-gen' tool due to lack of authentication, allowing unauthorized access to database credentials. The writeup includes FOFA search syntax and screenshots demonstrating the exposure of database connection details.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: code-gen (version not specified)

No auth needed

Prerequisites: Publicly accessible 'code-gen' instance

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://gitee.com/durcframework/code-gen

Exploit, Third Party Advisory

https://github.com/yxzrw/CVE-2025-29705

Scores

CVSS v3 4.3

EPSS 0.0027

EPSS Percentile 18.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

tanghc/code-gen < 2.0.6

Published Apr 15, 2025

Tracked Since Feb 18, 2026