Saved in:
Bibliographic Details
Main Authors: Zhao, Mengyao, Li, Kaixuan, Zhang, Lyuye, Dang, Wenjing, Ding, Chenggong, Chen, Sen, Liu, Zheli
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.10148
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911204075634688
author Zhao, Mengyao
Li, Kaixuan
Zhang, Lyuye
Dang, Wenjing
Ding, Chenggong
Chen, Sen
Liu, Zheli
author_facet Zhao, Mengyao
Li, Kaixuan
Zhang, Lyuye
Dang, Wenjing
Ding, Chenggong
Chen, Sen
Liu, Zheli
contents Recent advances in Large Language Models (LLMs) have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating Proof-of-Concept (PoC) exploits plays a central role in vulnerability reproduction, comprehension, and mitigation. While previous research has focused primarily on zero-day exploitation, the growing availability of rich public information accompanying disclosed CVEs leads to a natural question: can LLMs effectively use this information to automatically generate valid PoCs? In this paper, we present the first empirical study of LLM-based PoC generation for web application vulnerabilities, focusing on the practical feasibility of leveraging publicly disclosed information. We evaluate GPT-4o and DeepSeek-R1 on 100 real-world and reproducible CVEs across three stages of vulnerability disclosure: (1) newly disclosed vulnerabilities with only descriptions, (2) 1-day vulnerabilities with patches, and (3) N-day vulnerabilities with full contextual code. Our results show that LLMs can automatically generate working PoCs in 8%-34% of cases using only public data, with DeepSeek-R1 consistently outperforming GPT-4o. Further analysis shows that supplementing code context improves success rates by 17%-20%, with function-level providing 9%-13% improvement than file-level ones. Further integrating adaptive reasoning strategies to prompt refinement significantly improves success rates to 68%-72%. Our findings suggest that LLMs could reshape vulnerability exploitation dynamics. To date, 23 newly generated PoCs have been accepted by NVD and Exploit DB.
format Preprint
id arxiv_https___arxiv_org_abs_2510_10148
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Systematic Study on Generating Web Vulnerability Proof-of-Concepts Using Large Language Models
Zhao, Mengyao
Li, Kaixuan
Zhang, Lyuye
Dang, Wenjing
Ding, Chenggong
Chen, Sen
Liu, Zheli
Software Engineering
Recent advances in Large Language Models (LLMs) have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating Proof-of-Concept (PoC) exploits plays a central role in vulnerability reproduction, comprehension, and mitigation. While previous research has focused primarily on zero-day exploitation, the growing availability of rich public information accompanying disclosed CVEs leads to a natural question: can LLMs effectively use this information to automatically generate valid PoCs? In this paper, we present the first empirical study of LLM-based PoC generation for web application vulnerabilities, focusing on the practical feasibility of leveraging publicly disclosed information. We evaluate GPT-4o and DeepSeek-R1 on 100 real-world and reproducible CVEs across three stages of vulnerability disclosure: (1) newly disclosed vulnerabilities with only descriptions, (2) 1-day vulnerabilities with patches, and (3) N-day vulnerabilities with full contextual code. Our results show that LLMs can automatically generate working PoCs in 8%-34% of cases using only public data, with DeepSeek-R1 consistently outperforming GPT-4o. Further analysis shows that supplementing code context improves success rates by 17%-20%, with function-level providing 9%-13% improvement than file-level ones. Further integrating adaptive reasoning strategies to prompt refinement significantly improves success rates to 68%-72%. Our findings suggest that LLMs could reshape vulnerability exploitation dynamics. To date, 23 newly generated PoCs have been accepted by NVD and Exploit DB.
title A Systematic Study on Generating Web Vulnerability Proof-of-Concepts Using Large Language Models
topic Software Engineering
url https://arxiv.org/abs/2510.10148