CVE-2025-49677

Description: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.


Description

This Proof of Concept (PoC) demonstrates an interactive SYSTEM shell exploit for CVE-2025-49677.
It leverages scheduled tasks and a looping batch script running as SYSTEM to execute arbitrary commands
with NT AUTHORITY\SYSTEM privileges and returns the command output interactively.


Reference

Usage

  1. Run the Python script as Administrator on the vulnerable Windows machine.
  2. The script creates a scheduled task that runs a batch script as SYSTEM user.
  3. You get an interactive prompt (SYSTEM>) in your Python console.
  4. Type any Windows command (e.g. whoami, dir, net user) and see the SYSTEM-level output.
  5. Type exit to quit and clean up all temporary files and scheduled tasks.
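The technique described above leaves a clear trace for defenders: Security Event ID 4698 ("A scheduled task was created") carries the full task XML in its TaskContent field. The following is an added detection example, not part of this PoC or its repository; it assumes the task XML format used by Task Scheduler, a (hypothetical) list of user-writable directories, and constructed sample events.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML carried in the TaskContent field of
# Security Event ID 4698 ("A scheduled task was created").
NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"
SYSTEM_IDS = {"S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}
# User-writable locations a dropped .bat is likely to live in (assumption).
WRITABLE = re.compile(r"\\(temp|appdata|users\\public|programdata)\\", re.I)

def parse_task(task_xml):
    """Return (principal, command line) from a Task Scheduler XML body."""
    root = ET.fromstring(task_xml)
    principal = (root.findtext(f"{NS}Principals/{NS}Principal/{NS}UserId") or "").strip()
    cmd = root.findtext(f"{NS}Actions/{NS}Exec/{NS}Command") or ""
    args = root.findtext(f"{NS}Actions/{NS}Exec/{NS}Arguments") or ""
    return principal, f"{cmd} {args}".strip()

def is_suspicious(task_xml):
    """True when the task runs as SYSTEM and launches a .bat/.cmd from a writable dir."""
    principal, cmdline = parse_task(task_xml)
    return (principal.upper() in SYSTEM_IDS
            and re.search(r"\.(bat|cmd)\b", cmdline, re.I) is not None
            and WRITABLE.search(cmdline) is not None)

def flag_tasks(events):
    """events: iterable of (task_name, task_xml); returns the task names to alert on."""
    return [name for name, xml in events if is_suspicious(xml)]

# Constructed sample events (not captured from a real system).
TASK_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Principals><Principal id="Author"><UserId>{user}</UserId>
<RunLevel>HighestAvailable</RunLevel></Principal></Principals>
<Actions Context="Author"><Exec><Command>{cmd}</Command>
<Arguments>{args}</Arguments></Exec></Actions></Task>"""
SAMPLE_EVENTS = [
    ("\\PoCTask", TASK_XML.format(user="S-1-5-18", cmd="cmd.exe",
                                   args=r"/c C:\Windows\Temp\loop.bat")),
    ("\\Microsoft\\Windows\\Vendor\\Updater", TASK_XML.format(
        user="S-1-5-18", cmd=r"C:\Program Files\Vendor\updater.exe", args="/silent")),
    ("\\UserBackup", TASK_XML.format(
        user="S-1-5-21-1004336348-1177238915-682003330-1001", cmd="cmd.exe",
        args=r"/c C:\Users\alice\AppData\Local\backup.cmd")),
]

if __name__ == "__main__":
    for name in flag_tasks(SAMPLE_EVENTS):
        print("ALERT: SYSTEM task launching a batch file from a writable path:", name)
```

Only the first constructed event matches all three conditions (SYSTEM principal, batch file, user-writable path); a vendor updater running as SYSTEM and a user-owned backup task are left alone.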

Files

  • PoC.py: Python script implementing the exploit and interactive shell.
  • README.md: This readme file.

Requirements

  • Python 3.x installed on Windows.
  • Run the script with Administrator privileges.
  • The script uses built-in Windows commands (schtasks, cmd.exe, timeout).

Disclaimer

Use this PoC only in authorized environments for testing and research purposes.
Disclose responsibly. I am not responsible for misuse.


Time spent:

05:35:00


CVE-2025-49677
http://example.com/2025/07/09/other_1246440088/
Author: lianccc
Published: 9 July 2025
License: