CVE-2012-10022

Severity: HIGH

Kloxo <6.1.12 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10022. PoCs were published by HTP and juan vazquez, including the Metasploit module exploits/linux/local/kloxo_lxsuexec.

AI-analyzed exploit summary

This exploit leverages a local privilege escalation vulnerability in Kloxo (Lxadmin) by manipulating environment variables and abusing the lxsuexec binary to execute a shell with elevated privileges. It requires the attacker to be the Apache user or another user capable of running lxsuexec.

Description

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.

Exploits (2)

exploitdb · Working PoC · Verified
by HTP · bash · local · linux
https://www.exploit-db.com/exploits/25406

Classification: Working PoC (90%)
Attack type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Kloxo (Lxadmin) 6.1.6
Authentication: required
Prerequisites: Access to a user account with permissions to run lxsuexec (e.g., the Apache user) · Presence of the lxsuexec binary on the target system
Analyzed by devstral-2 on Feb 16, 2026

metasploit · Working PoC · Excellent
by HTP, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/kloxo_lxsuexec.rb

This Metasploit module exploits a local privilege escalation vulnerability in Kloxo versions 6.1.12 and earlier by abusing setuid root binaries (lxsuexec and lxrestart) to escalate from uid 48 (Apache) to root. It writes a payload executable to /tmp, sets environment variables, and executes the payload via the vulnerable binary.

Classification: Working PoC (100%)
Attack type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Kloxo <= 6.1.12
Authentication: not required
Prerequisites: Local access to the system · User must have uid 48 (Apache) · Kloxo installation with the vulnerable setuid binaries
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v4: 8.5
EPSS: 0.0044 (percentile 34.7%)
CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-269
Status: published
Products (1): LxCenter/Kloxo < 6.1.12
Published: Aug 01, 2025
Tracked since: Feb 18, 2026