DISCLAIMER: I am not the creator of either CVE, all credit goes to Watchtower and Immersive Labs for the respective CVE work. I just smashed their code together like some child playing with action figures and it happened to work.
---
Quick tool I made that combines the PoC Code for CVE-2025-54309 and CVE-2025-31161 that checks for the race condition vulnerability, creates the backdoor "spiff" user, and pulls a list of users from the instance.
| crushSpiffMod.py | First Commit. Sending python file. | |
| LICENSE | Initial commit | |
| README.md | Updating README with links to original PoCs. | |
Spiff-Combined
DISCLAIMER: I am not the creator of either CVE, all credit goes to Watchtower and Immersive Labs for the respective CVE work. I just smashed their code together like some child playing with action figures and it happened to work.
Watchtower: https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309/
Immersive Labs: https://github.com/Immersive-Labs-Sec/CVE-2025-31161
Quick tool I made that combines the PoC Code for CVE-2025-54309 and CVE-2025-31161 that checks for the race condition vulnerability, creates the backdoor "spiff" user, and pulls a list of users from the instance.