CVE-2025-57310

HIGH

Salmen Simple Faucet Script - CSRF

Title source: rule

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.

Exploits (2)

nomisec WORKING POC

by hossainshadat · poc

https://github.com/hossainshadat/CVE-2025-57310

View Code ZIP pw:eip

nomisec WORKING POC

by MMAKINGDOM · poc

https://github.com/MMAKINGDOM/CVE-2025-57310

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://gist.github.com/MMAKINGDOM/a6c2c8c70145cbea4e119525651e9a8d

[Exploit, Third Party Advisory] https://github.com/MMAKINGDOM/CVE-2025-57310

Scores

CVSS v3 8.8

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status published

Affected Products (1)

salmen/simple_faucet_script

Timeline

Published Nov 12, 2025

Tracked Since Feb 18, 2026