CVE-2025-0401

Published Jan 13, 2025

Last updated 4 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0401 refers to two distinct vulnerabilities. One is a local privilege escalation vulnerability found in systems where the `/usr/bin/passwd` binary is misconfigured. This misconfiguration can allow unintended root-level access when combined with specific syscall sequences, potentially enabling attackers to simulate root shell access by abusing SUID binaries. The other vulnerability is classified as critical and affects the download function in the `CommonController.java` file of the 1902756969 reggie 1.0 software. This vulnerability involves a path traversal issue due to the manipulation of the 'name' argument, making it possible to launch attacks remotely.

Description: A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Source: cna@vuldb.com
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.9
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Secondary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

cna@vuldb.com: CWE-22

Hype score: Not currently trending