CVE-2025-57310

HIGH

simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-57310. PoCs published by hossainshadat, MMAKINGDOM.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2025-57310, a CSRF vulnerability in Salmen2/Simple-Faucet-Script v1.07. The exploit demonstrates how an attacker can inject arbitrary HTML/JavaScript into the homepage via the `spacetop` parameter, leading to Stored XSS.

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.

Exploits (2)

nomisec WORKING POC

by hossainshadat · poc

https://github.com/hossainshadat/CVE-2025-57310

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2025-57310, a CSRF vulnerability in Salmen2/Simple-Faucet-Script v1.07. The exploit demonstrates how an attacker can inject arbitrary HTML/JavaScript into the homepage via the `spacetop` parameter, leading to Stored XSS.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Salmen2/Simple-Faucet-Script v1.07

Auth required

Prerequisites: Admin authentication on the target system · Victim interaction to visit a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by MMAKINGDOM · poc

https://github.com/MMAKINGDOM/CVE-2025-57310

View Code ZIP pw:eip

This PoC demonstrates a CSRF vulnerability in Salmen2/Simple-Faucet-Script v1.07, allowing attackers to inject arbitrary HTML/JavaScript into the homepage via the `spacetop` parameter, leading to Stored XSS.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Salmen2/Simple-Faucet-Script v1.07

Auth required

Prerequisites: Authenticated admin session · Admin visits malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://gist.github.com/MMAKINGDOM/a6c2c8c70145cbea4e119525651e9a8d

Exploit, Third Party Advisory

https://github.com/MMAKINGDOM/CVE-2025-57310

Scores

CVSS v3 8.8

EPSS 0.0022

EPSS Percentile 11.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-352

Status published

Products (1)

salmen/simple_faucet_script 1.07

Published Nov 12, 2025

Tracked Since Feb 18, 2026