Hacktober 2025 - Nuclei Templates
Summary: Nuclei Templates shipped two releases in October (v10.3.0 & v10.3.1), adding 243 templates and 178 CVEs that cover high-risk vulnerabilities in Oracle, Redis and other products, and fixing false positives and false negatives. Community contribution was strong, with 287 PRs received and 24 bounties awarded.
2025-10-31 16:06:20 Author: projectdiscovery.io

This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.

🚀 Hacktober Stats

Release   New Templates Added   CVEs Added   First-time Contributors   Bounties Awarded
v10.3.0   124                   90           6                         12
v10.3.1   119                   88           10                        12
Total     243                   178          16                        24

Introduction

October was huge for Nuclei Templates: two releases (v10.3.0 & v10.3.1) dropped during Hacktoberfest, adding coverage for 44 actively exploited KEVs from CISA’s list, so users can address the most urgent security risks promptly.

We also added templates for trending 2025 CVEs, including CVE-2025-61882 (Oracle E-Business Suite RCE) and CVE-2025-49844 (Redis Lua sandbox escape): fresh threats, ready to scan.

The community stepped up big time: 287 pull requests so far in Hacktoberfest, 16 first-time contributors, and 24 bounties rewarded through the Template Bounty Program. Huge thanks to everyone who contributed. Open source security just got stronger.

New Templates Added

Across both releases, 243 new templates were added, thanks to relentless contributions from the global community. These additions focus on accurate detection of critical weaknesses, enabling proactive defense before exploitation occurs.

Among the new templates, 178 CVEs were added, keeping you up to date with the latest security vulnerabilities.
Notably, the releases include coverage of trending vulnerabilities such as CVE-2025-61882 (Oracle E-Business Suite RCE, in CISA KEV), CVE-2025-49844 (Redis Lua sandbox escape), CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 (Redis Lua engine vulnerabilities), CVE-2025-54253 (Adobe Experience Manager Forms), CVE-2025-54251, CVE-2025-54249 (Adobe Experience Manager), and CVE-2025-10035 (GoAnywhere - Auth Bypass), all targeting platforms widely deployed in enterprise networks. These CVE templates help users identify and resolve critical issues before attackers can exploit them.

Highlighted CVE Templates

Templates marked with 🔥 highlight high-risk vulnerabilities that are actively exploited.

Highlighted CVE Templates from v10.3.0 & v10.3.1 (🔥)

  • 🔥 [CVE-2025-61882] Oracle E-Business Suite 12.2.3–12.2.14 - RCE
  • 🔥 [CVE-2025-54251] Adobe Experience Manager ≤ 6.5.23.0 - XML Injection
  • 🔥 [CVE-2025-54249] Adobe Experience Manager ≤ 6.5.23.0 - SSRF
  • 🔥 [CVE-2025-49844] Redis Lua Parser < 8.2.2 - Use After Free
  • 🔥 [CVE-2025-49825] Teleport - Auth Bypass
  • 🔥 [CVE-2025-46819] Redis < 8.2.1 Lua Long-String Delimiter - Out-of-Bounds Read
  • 🔥 [CVE-2025-46818] Redis Lua Sandbox < 8.2.2 - Cross-User Escape
  • 🔥 [CVE-2025-46817] Redis < 8.2.1 lua script - Integer Overflow
  • 🔥 [CVE-2025-36604] Dell UnityVSA < 5.5 - Remote Command Injection
  • 🔥 [CVE-2025-20362] Cisco Secure Firewall ASA & FTD - Auth Bypass
  • 🔥 [CVE-2025-20281] Cisco ISE - Remote Code Execution
  • 🔥 [CVE-2025-10035] GoAnywhere - Auth Bypass
  • 🔥 [CVE-2025-0282] Ivanti Connect Secure - Stack-based Buffer Overflow
  • 🔥 [CVE-2024-42009] Roundcube Webmail - Cross-Site Scripting
  • 🔥 [CVE-2024-0593] WordPress Simple Job Board - Unauthorized Data Access
  • 🔥 [CVE-2023-40044] WS_FTP Server - Insecure Deserialization
  • 🔥 [CVE-2023-37582] Apache RocketMQ - Remote Command Execution
  • 🔥 [CVE-2023-3519] Citrix NetScaler ADC and NetScaler Gateway - RCE
  • 🔥 [CVE-2023-26258] Arcserve UDP <= 9.0.6034 - Auth Bypass
  • 🔥 [CVE-2023-21839] Oracle WebLogic Server - Unauthorized Access
  • 🔥 [CVE-2023-6933] Better Search Replace < 1.4.5 - PHP Object Injection
  • 🔥 [CVE-2023-5559] 10Web Booster < 2.24.18 - Arbitrary Option Deletion
  • 🔥 [CVE-2023-4666] Form-Maker < 1.15.20 - Unauth Arbitrary File Upload
  • 🔥 [CVE-2022-41352] Zimbra Collaboration - Unrestricted File Upload
  • 🔥 [CVE-2022-38627] Nortek Linear eMerge E3-Series - SQL Injection
  • 🔥 [CVE-2022-3590] WordPress <= 6.2 - Server Side Request Forgery
  • 🔥 [CVE-2022-3481] NotificationX Dropshipping < 4.4 - SQL Injection
  • 🔥 [CVE-2022-3477] WordPress tagDiv Composer < 3.5 - Auth Bypass
  • 🔥 [CVE-2022-31711] VMware vRealize Log Insight < v8.10.2 - Information Disclosure
  • 🔥 [CVE-2022-31706] VMware vRealize Log Insight - Path Traversal
  • 🔥 [CVE-2022-31704] VMware vRealize Log Insight - Improper Access Control
  • 🔥 [CVE-2022-24682] Zimbra Collaboration Suite < 8.8.15 - Improper Encoding
  • 🔥 [CVE-2022-24086] Adobe Commerce (Magento) - Remote Code Execution
  • 🔥 [CVE-2022-22956] VMware Workspace ONE Access - Auth Bypass
  • 🔥 [CVE-2021-42359] WP DSGVO Tools <= 3.1.23 - Arbitrary Post Deletion
  • 🔥 [CVE-2021-34622] WordPress ProfilePress <= 3.1.3 - Privilege Escalation
  • 🔥 [CVE-2021-33766] Microsoft Exchange - Authentication Bypass
  • 🔥 [CVE-2021-32478] Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
  • 🔥 [CVE-2021-30118] Kaseya VSA < 9.5.7 - Arbitrary File Upload
  • 🔥 [CVE-2021-30116] Kaseya VSA < 9.5.7 - Credential Disclosure
  • 🔥 [CVE-2021-26072] Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
  • 🔥 [CVE-2021-24220] Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
  • 🔥 [CVE-2021-24295] Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauth Blind SQLi
  • 🔥 [CVE-2021-24175] The Plus Addons for Elementor Page Builder < 4.1.7 - Auth Bypass
  • 🔥 [CVE-2021-20021] SonicWall Email Security <= 10.0.9.x - Unauth Admin Account Creation
  • 🔥 [CVE-2021-4380] Pinterest Automatic < 4.14.4 - Arbitrary Options Update
  • 🔥 [CVE-2021-3287] Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
  • 🔥 [CVE-2020-3952] VMware vCenter Server LDAP Broken Access Control
  • 🔥 [CVE-2020-36731] Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauth Arbitrary Plugin Settings Update
  • 🔥 [CVE-2020-36719] ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
  • 🔥 [CVE-2020-36705] Adning Advertising <= 1.5.5 - Arbitrary File Upload
  • 🔥 [CVE-2020-2883] Oracle WebLogic Server - Remote Code Execution
  • 🔥 [CVE-2020-13640] wpDiscuz <= 5.3.5 - SQL Injection
  • 🔥 [CVE-2020-9480] Apache Spark - Auth Bypass
  • 🔥 [CVE-2020-8657] EyesOfNetwork - Hardcoded API Key
  • 🔥 [CVE-2020-8656] EyesOfNetwork - Hardcoded API Key & SQL Injection
  • 🔥 [CVE-2019-25152] Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
  • 🔥 [CVE-2019-17232] WordPress Ultimate FAQs <= 1.8.24 - Unauth Options Import and Export
  • 🔥 [CVE-2019-16072] Enigma NMS < 65.0.0 - Authenticated OS Command Injection
  • 🔥 [CVE-2019-12989] Citrix SD-WAN and NetScaler SD-WAN - SQL Injection
  • 🔥 [CVE-2019-11886] Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
  • 🔥 [CVE-2019-9621] Zimbra Collaboration Suite - SSRF
  • 🔥 [CVE-2019-7276] Optergy Proton/Enterprise - Unauth RCE via Backdoor Console
  • 🔥 [CVE-2019-6703] Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
  • 🔥 [CVE-2018-18325] DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
  • 🔥 [CVE-2018-15811] DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
  • 🔥 [CVE-2018-1217] Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
  • 🔥 [CVE-2018-11138] Quest KACE System Management Appliance 8.0.318 - RCE
  • 🔥 [CVE-2017-18362] Kaseya VSA 2017 ConnectWise ManagedITSync - RCE
  • 🔥 [CVE-2016-10972] Newspaper Theme 6.4–6.7.1 - Privilege Escalation
  • 🔥 [CVE-2010-20103] ProFTPd-1.3.3c - Backdoor Command Execution

🛠️ Bug Fixes and Enhancements

We’ve made several improvements in v10.3.0 and v10.3.1 to ensure templates are accurate, easy to use, and reliable during scans. This includes updating metadata, cleaning up tags, and fixing issues that could cause false positives or negatives.

False Negatives

  • Addressed CORS detection for OWASP JuiceShop Access-Control-Allow-Origin: * (Issue #13402)
  • Addressed false negative in CVE-2025-61882 template (Issue #13540)
  • Addressed false negative in generic-linux-lfi.yaml (Issue #12864)
  • Addressed false negative in CVE-2023-20198 Cisco IOS XE RCE (Issue #12324)

False Positives

Reduced false positives and improved accuracy in the following templates:

Enhancements

  • Enhanced Google CSP bypass detection vector (PR #13500)
  • Added user and password fields to config-json.yaml for better extraction (PR #13445)
  • Improved vKEV workflow and updated missing tags (PR #13374)
  • Added credentialed CORS with reflected Origin detection (PR #13441)
  • Added blind SSRF (OAST) multiparam fuzzing template (PR #13440)
  • Added Swagger/OpenAPI/GraphQL API inventory template (PR #13442)
  • Implemented asset-discovery vs. vulnerability-detection distinction across templates (PR #13648)
  • Enhanced HashiCorp Vault detection by removing vault-unsealed-unauth and improving hashicorp-vault-detect (PR #13660)
  • Enhanced XWiki RCE detection capabilities (PR #13684)
  • Added new POC for yonyou-nc-arbitrary-file-read (PR #13624)
  • Improved Moodle changelog file detection for newer versions (PR #13654)
  • Removed cloudapp.net from takeover templates as no longer exploitable (PR #13679)
  • Enhanced SNMPv3 fingerprint detection (PR #13661)
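As an added illustration of the kind of credentialed-CORS check described in the enhancements above (this is an editor-written example, not a template from the nuclei-templates repository), the template below sends a constructed probe Origin and reports only when that origin is reflected back together with Access-Control-Allow-Credentials: true. The template id, author and probe domain are assumptions.

```yaml
id: cors-reflected-origin-credentials-example

info:
  name: CORS - Reflected Origin with Credentials (added example)
  author: editor-example   # assumption: not a nuclei-templates author
  severity: medium
  description: |
    Sends a constructed Origin that the target should not trust and flags
    responses that echo it back in Access-Control-Allow-Origin while also
    sending Access-Control-Allow-Credentials: true. That combination lets
    a cross-site page read authenticated responses; a bare "*" with
    credentials is rejected by browsers, so only the reflected case is
    reported here.
  tags: cors,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      # Constructed probe origin; example.com is a reserved domain.
      Origin: "https://cors-probe.example.com"

    matchers-condition: and
    matchers:
      # The probe origin must be reflected verbatim (headers lower-cased
      # so the check is case-insensitive).
      - type: dsl
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-origin: https://cors-probe.example.com')"
      # ...and the response must also allow credentials.
      - type: dsl
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"

    extractors:
      # Surface the offending header value in the scan output
      # (kval uses underscores in place of dashes in header names).
      - type: kval
        kval:
          - access_control_allow_origin
```

Run it with `nuclei -t cors-reflected-origin-credentials-example.yaml -u https://target.example` against a host you are authorised to test; a hit means the server trusts arbitrary origins for credentialed requests and should be fixed by allow-listing origins.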

A huge shoutout to our 16 first-time contributors this Hacktoberfest:

Your contributions are greatly appreciated and help strengthen Nuclei.

Stay Connected

Stay in the loop with the latest Nuclei developments:

Let’s keep pushing the boundaries of open-source security together!


Source: https://projectdiscovery.io/blog/hacktober-2025-nuclei-templates