CVE-2025-25257
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Based upon the technical analysis by watchTowr, CVE-2025-25257 is an unauthenticated SQLi vulnerability that can be leveraged to achieve RCE with root privileges. An exploit has also been published here.
An unauthenticated attacker can trigger SQLi via an HTTP request to the /api/fabric/device/status endpoint (and possibly several other endpoints, according to the analysis). The Authorization header will contain a Bearer value that forms part of an unsanitized SQL statement, leading to the SQLi. An attacker can leverage the SQLi to achieve RCE by creating several SQL statements to write a Python .pth file to a common Python site packages directory, and then indirectly triggering the execution of a known Python script via an HTTP request, which in turn will execute the attacker's malicious .pth file with root privileges.
I have rated both the Attacker Value and Exploitability as Very High, as this is unauthenticated RCE with root privileges, and public exploit code is available.
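For responders checking a host for the .pth step described above, here is an added example (not part of the original assessment or the watchTowr analysis). It lists .pth files containing lines that Python's site module executes at interpreter start-up, which are the lines beginning with "import" followed by a space or tab. The function names and the since_epoch parameter are assumptions of this example, and the directories scanned are those of whichever interpreter runs it.

```python
import os
import site


def executable_pth_lines(path):
    """Return (lineno, text) for each line site.py would exec() from a .pth file."""
    hits = []
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            # site.py executes lines starting with "import" + space or tab;
            # every other non-comment line is only appended to sys.path.
            if line.startswith(("import ", "import\t")):
                hits.append((lineno, line.rstrip("\n")))
    return hits


def audit_site_dirs(dirs, since_epoch=0.0):
    """Report .pth files with executable lines, modified at or after since_epoch."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue  # directory absent on this host
        for name in sorted(os.listdir(d)):
            if not name.endswith(".pth"):
                continue
            full = os.path.join(d, name)
            st = os.stat(full)
            hits = executable_pth_lines(full)
            if hits and st.st_mtime >= since_epoch:
                findings.append({"path": full, "mtime": st.st_mtime,
                                 "uid": st.st_uid, "lines": hits})
    return findings


def default_site_dirs():
    """Site-packages directories of the interpreter running this script."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs


if __name__ == "__main__":
    for f in audit_site_dirs(default_site_dirs()):
        print(f["path"], f["mtime"], f["uid"], f["lines"])
```

Some packaging tools install legitimate .pth files with import lines, so compare findings against a known-good image and use since_epoch to narrow the results to the suspected compromise window.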