CVE-2025-4428

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

This is a functional exploit PoC for CVE-2025-4428, leveraging SpEL injection in a Java-based web application to achieve remote command execution. The script generates a base64-encoded payload, constructs a malicious SpEL expression, and sends it to the target endpoint to trigger command execution.

The repository contains a Python script that detects vulnerability to CVE-2025-4427 and CVE-2025-4428 in Ivanti EPMM by sending a crafted HTTP request to a specific endpoint and checking the response for indicators of vulnerability. It does not exploit the vulnerability but confirms its presence.

This Metasploit module exploits an unauthenticated RCE chain in Ivanti EPMM (CVE-2025-4427 and CVE-2025-4428) via expression language injection in an API endpoint. It executes commands as the 'tomcat' user and includes a check method to verify vulnerability.