CVE-2025-56015

HIGH LAB

GenieACS 1.2.13 - Unauthenticated Improper Access Control in NBI API Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56015. PoCs published by e1st.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-56015, demonstrating a sandbox escape and RCE vulnerability in GenieACS via JavaScript prototype chain manipulation. The exploit automates provision creation, preset configuration, and CPE simulation to trigger payload execution.

Description

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.

Exploits (1)

nomisec WORKING POC
by e1st · poc
https://github.com/e1st/CVE-2025-56015

This repository contains a functional exploit for CVE-2025-56015, demonstrating a sandbox escape and RCE vulnerability in GenieACS via JavaScript prototype chain manipulation. The exploit automates provision creation, preset configuration, and CPE simulation to trigger payload execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GenieACS v1.2.13
No auth needed
Prerequisites: Network access to GenieACS NBI (Port 7557) and ACS (Port 7547) · Python 3.6+ with requests library
devstral-2 · analyzed May 03, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0006
EPSS Percentile 18.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull mongo:8.0
docker pull drumsergio/genieacs-sim:latest
docker pull drumsergio/genieacs-mcp:latest
docker pull drumsergio/genieacs:1.2.16.0

Details

CWE
CWE-284
Status published
Products (2)
genieacs/genieacs 1.2.13
npm/genieacs npm
Published Apr 07, 2026
Tracked Since Apr 08, 2026