CVE-2025-70886

HIGH

halo < 2.22.4 - Denial of Service via Comment Submission Payload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-70886. PoCs published by HowieHz.

AI-analyzed exploit summary This repository contains a functional PoC exploit for CVE-2025-70886, a persistent DoS vulnerability in Halo CMS. The exploit leverages a crafted payload to crash the admin comment interface, demonstrated via a GitHub Actions workflow that automates testing against multiple Halo versions.

Description

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint

Exploits (1)

nomisec WORKING POC

by HowieHz · poc

https://github.com/HowieHz/CVE-2025-70886

View Code ZIP pw:eip

This repository contains a functional PoC exploit for CVE-2025-70886, a persistent DoS vulnerability in Halo CMS. The exploit leverages a crafted payload to crash the admin comment interface, demonstrated via a GitHub Actions workflow that automates testing against multiple Halo versions.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Halo CMS <= v2.22.4

No auth needed

Prerequisites: Access to the Halo CMS comment submission endpoint

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources

https://github.com/HowieHz/CVE-2025-70886

Various Sources

https://howiehz.top/archives/halo-comment-payload-tweaker

Issue Tracking

https://github.com/halo-dev/halo/issues/7890

Scores

CVSS v3 7.5

EPSS 0.0044

EPSS Percentile 35.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (1)

halo/halo < 2.22.4

Published Feb 12, 2026

Tracked Since Feb 18, 2026