CVE-2014-125113

CRITICAL

Dell KACE K1000 <5.4.76849-5.5.90547 - File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-125113. PoCs published by Metasploit, Bradley Austin (steponequit), bcoles, including Metasploit module exploits/unix/http/dell_kace_k1000_upload.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated file upload vulnerability in Dell KACE K1000, allowing arbitrary command execution as the 'www' user and privilege escalation to root via the 'KSudoClient::RunCommandWait' function.

Description

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/39693

This Metasploit module exploits an unauthenticated file upload vulnerability in Dell KACE K1000, allowing arbitrary command execution as the 'www' user and privilege escalation to root via the 'KSudoClient::RunCommandWait' function.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dell KACE K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547
No auth needed
Prerequisites: Network access to the target · Target running vulnerable Dell KACE K1000 version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Bradley Austin (steponequit), bcoles · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/dell_kace_k1000_upload.rb

This Metasploit module exploits an unauthenticated file upload vulnerability in Dell KACE K1000 (CVE-2014-125113) to achieve remote code execution as the 'www' user and escalates privileges to root via the 'KSudoClient::RunCommandWait' function. It uploads a malicious PHP file to a writable directory and executes it to trigger the payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dell KACE K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547
No auth needed
Prerequisites: Network access to the target · Vulnerable version of Dell KACE K1000
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v4 9.3
EPSS 0.0097
EPSS Percentile 57.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306 CWE-434
Status published
Products (3)
Dell/Quest/KACE K1000 Systems Management Appliance 5.0 - 5.3
Dell/Quest/KACE K1000 Systems Management Appliance 5.4 - 5.4.76849
Dell/Quest/KACE K1000 Systems Management Appliance 5.5 - 5.5.90547
Published Aug 05, 2025
Tracked Since Feb 18, 2026