cooldadhacking - Security Researcher - Exploit Intelligence Platform

CVE-2025-70341 NOMISEC HIGH WORKING POC

App-Auto-Patch 3.4.2 - Privilege Escalation

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

CVSS 7.8

View Code

CVE-2025-70342 NOMISEC MEDIUM WORKING POC

erase-install <v40.4 - Info Disclosure

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

CVSS 6.6

View Code

CVE-2025-70341 WRITEUP HIGH WORKING POC

App-Auto-Patch 3.4.2 - Privilege Escalation

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

CVSS 7.8

View Code

CVE-2025-70342 WRITEUP MEDIUM WRITEUP

erase-install <v40.4 - Info Disclosure

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

CVSS 6.6

View Code

CVE-2025-70342 WRITEUP MEDIUM WORKING POC

erase-install <v40.4 - Info Disclosure

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

CVSS 6.6

View Code