API Security Blog

Exploit for CVE-2025-49493

Akamai CloudTest XXE Exploit (CVE-2025-49493)

Overview

This is a Python-based exploit for CVE-2025-49493, which affects Akamai CloudTest versions before 60 2025.06.02 (12988). The vulnerability allows XML External Entity (XXE) injection through the SOAP service endpoint.

Vulnerability Details

CVE ID: CVE-2025-49493
Vulnerability Type: XML External Entity (XXE) Injection
Severity: Critical (CVSS 9.1)
Affected Software: Akamai CloudTest
Affected Versions: Before 60 2025.06.02 (12988)
Attack Vector: Network
Authentication Required: No

Technical Details

The vulnerability exists in the /concerto/services/RepositoryService SOAP endpoint, where the XML request body is parsed with external entity resolution left enabled. An unauthenticated attacker can declare an external entity in a DOCTYPE and have the server expand it when the entity is referenced, potentially leading to:

- Information disclosure (the entity's system identifier can name a local file, whose contents are expanded into the document)
- SSRF (Server-Side Request Forgery), since the system identifier can also be a URL pointing at internal hosts
- Denial of Service
- Potential RCE in certain configurations

Features

- Target Discovery: automatically identifies Akamai CloudTest instances
- Vulnerability Detection: checks for vulnerable endpoints and indicators
- XXE Exploitation: sends crafted SOAP requests with XXE payloads
- Multiple Targets: supports batch processing from target files
- Detailed Logging: comprehensive colored logging with timestamps
- Error Handling: robust error handling for network issues

Installation

Prerequisites

- Python 3.6 or higher
- pip package manager

Dependencies

Install required packages:

```bash
pip install -r requirements.txt
```

Or install…
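The Technical Details above describe the whole bug in one sentence: a SOAP endpoint hands attacker-controlled XML to a parser that resolves external entities. The following is an added, self-contained example (not code from this exploit or from Akamai) that reproduces the mechanism offline with Python's standard-library `xml.sax` parser. It builds a SOAP 1.1 envelope carrying an external entity, parses it once with entity expansion switched on (the vulnerable configuration), once with the stdlib default, and once behind a parser-level DOCTYPE gate. The `<Request>`/`<Name>` element names are placeholders, not CloudTest's real RepositoryService schema, and the "secret" is a constructed temp file standing in for `/etc/passwd` or an internal URL.

```python
"""XXE in a SOAP envelope: what an entity-expanding parser leaks, what the safe
default does, and a parser-level DOCTYPE gate (stdlib only, runs offline)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, property_lexical_handler

# Constructed sample: a SOAP 1.1 envelope that smuggles an external entity.
# <Request>/<Name> are placeholder element names (assumption, not the real
# CloudTest schema). A real probe would point the SYSTEM identifier at
# file:///etc/passwd or at an attacker-chosen URL (SSRF) instead of a temp file.
SOAP_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE soap [
  <!ENTITY xxe SYSTEM "{system_id}">
]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Request>
      <Name>&xxe;</Name>
    </Request>
  </soap:Body>
</soap:Envelope>
"""
SECRET = b"secret-token-abc123"  # constructed stand-in for a sensitive file


class DoctypeForbidden(ValueError):
    """Raised when a message carries a DTD (SOAP 1.1 forbids DTDs outright)."""


class NameCollector(ContentHandler):
    """Collect the character data that ends up inside the <Name> element."""

    def __init__(self):
        super().__init__()
        self._in_name = False
        self._chunks = []

    def startElement(self, name, attrs):
        if name == "Name":
            self._in_name = True

    def endElement(self, name):
        if name == "Name":
            self._in_name = False

    def characters(self, content):
        if self._in_name:
            self._chunks.append(content)

    @property
    def text(self):
        return "".join(self._chunks)


class DoctypeGate:
    """Lexical handler that aborts the parse as soon as a DOCTYPE appears,
    i.e. before any entity declared in it can be referenced or resolved."""

    def startDTD(self, name, public_id, system_id):
        raise DoctypeForbidden(f"DTD not allowed in SOAP message (root {name!r})")

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_name(envelope: bytes, expand_external_entities: bool, forbid_dtd: bool = False) -> str:
    """Parse the envelope and return the text of <Name>.

    expand_external_entities=True reproduces the vulnerable parser setup
    (feature_external_ges on); the stdlib default is off. forbid_dtd=True
    installs the DOCTYPE gate as the parser's lexical handler."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, expand_external_entities)
    if forbid_dtd:
        parser.setProperty(property_lexical_handler, DoctypeGate())
    collector = NameCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(envelope))
    return collector.text


def run_demo() -> dict:
    """Write the 'secret' to a temp file, then parse the same envelope three ways."""
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as fh:
        fh.write(SECRET)
        secret_path = fh.name
    try:
        envelope = SOAP_TEMPLATE.format(system_id=secret_path).encode()
        results = {
            "vulnerable": parse_name(envelope, expand_external_entities=True),
            "default": parse_name(envelope, expand_external_entities=False),
        }
        try:
            parse_name(envelope, expand_external_entities=True, forbid_dtd=True)
            results["gated"] = "parsed"
        except DoctypeForbidden:
            results["gated"] = "rejected"
        return results
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    for mode, outcome in run_demo().items():
        print(f"{mode:>10}: {outcome!r}")
```

The vulnerable run returns the temp file's contents inside `<Name>`, which is exactly the information-disclosure case; with the system identifier replaced by an `http://` URL the same expansion becomes the SSRF case. Two things a defender should take from it: the stdlib default (no external general entities) already yields an empty string, so the bug is a configuration choice, not an inevitability; and since SOAP 1.1 messages must not contain a DTD at all, rejecting the DOCTYPE at parser level, before any entity is declared, is the cleanest fix for a SOAP service and does not depend on guessing which entity kinds to disable.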
