#Hacking Against Mass Surveillance: #BugBounty Donated to Challenge #Palantir 🧵

During a recent pentest, I found CVE-2025-52161 in the CMS #Weblication. It allowed an unauthenticated attacker to persistently embed JavaScript into the admin panel. This is particularly severe, because the panel can be used to execute commands on the underlying system, leading to a full system compromise.

#InfoSec #CyberSecurity #Pentesting #AppSec #CVE_2025_52161

The vendor, Scholl Communications AG, responded quickly and fixed the issue within two days. The vulnerability was classified as level 2 in their bug bounty program, awarding us a $250 bounty.

We decided to donate the bounty to @Freiheitsrechte, an organization dedicated to defending fundamental and human rights through legal action.

Currently, they are challenging the use of Palantir surveillance software by Bavarian police, criticized for lacking transparency, oversight, and safeguards against discrimination.

Though the bounty amount may be small, I am proud that it contributes to the fight against mass surveillance, a cause hackers have always advocated for.

I’ll be sharing more details soon about the methodology used to identify vulnerabilities like this.

🔔 Stay tuned and follow if you haven’t already!

🔁 Also, boost the first toot to spread the word!

I've linked it again for you:
https://infosec.exchange/@kpwn/115259214495679877

Konstantin :C_H: (@kpwn@infosec.exchange)

@kpwn Thank you very much! Donations like yours help us to defend fundamental and human rights every day. For more information about our constitutional complaint against mass data mining with Palantir surveillance software: https://freiheitsrechte.org/en/themen/digitale-grundrechte/palantir-bayern
Black box Palantir: To Karlsruhe against mass data mining

Bavaria's police force uses Palantir. The GFF is taking legal action before the Federal Constitutional Court.

GFF – Gesellschaft für Freiheitsrechte e.V.