NOMISEC-Yucaerin/CVE-2025-2294

NOMISEC WORKING POC

Exploit for CVE-2025-2294 - Kubio AI Page Builder <2.5.1 - Local File Inclusion

AI Analysis

This is a functional exploit for CVE-2025-2294, targeting a Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder plugin for WordPress. The script automates the detection of LFI by attempting to read /etc/passwd and nginx access logs via path traversal.

Attack Type

info_leak

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1006 - Direct Volume Access

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type infoleak

Files 3

https://github.com/Yucaerin/CVE-2025-2294

Stars 1

Forks 1

Last Push May 13, 2025

Authors

Yucaerin

Vulnerability

CVE-2025-2294

Kubio AI Page Builder <2.5.1 - Local File Inclusion

CRITICAL

CVSS 9.8