cbcvebase.
CVE-2025-28242
published 2025-04-18

CVE-2025-28242: Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.

PriorityP258critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.68%
74.1th percentile
Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.

Detection & IOCsextracted from sources · hover to see the quote

url/login_ok.htm
othersession=([0-9]+)
sigma
title:"DAEnetIP4"
  • Send a GET request to /login_ok.htm and check for HTTP 200 response containing both 'DAEnetIP4' and 'session=' strings in the body to identify vulnerable instances.
  • Extract numeric session tokens from the response body using the regex pattern 'session=([0-9]+)' — a purely numeric session token indicates weak/improper session management exploitable for hijacking.
  • Use FOFA query title="DAEnetIP4" or Shodan query title:"DAEnetIP4" to enumerate internet-exposed DAEnetIP4 METO devices for mass scanning.
  • ·Exploitation requires the attacker to be able to control or intercept session tokens — a passive network position (e.g., MitM) or access to the response from /login_ok.htm is a prerequisite.
  • ·The vulnerability is specific to DAEnetIP4 METO firmware version v1.25; other versions are not confirmed affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.