CVE-2017-15358

HIGH

Charles Proxy < 4.2.1 - Local Privilege Escalation via Race Condition in Settings Binary

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15358. PoCs published by Mark Wadham.

AI-analyzed exploit summary This exploit leverages a race condition in Charles Proxy's suid binary to replace it with a malicious payload, granting root privileges. The script compiles a C program that spawns a root shell, then uses a symlink and timing attack to exploit the vulnerability.

Description

Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.

Exploits (1)

exploitdb WORKING POC
by Mark Wadham · textlocalmacos
https://www.exploit-db.com/exploits/45107

This exploit leverages a race condition in Charles Proxy's suid binary to replace it with a malicious payload, granting root privileges. The script compiles a C program that spawns a root shell, then uses a symlink and timing attack to exploit the vulnerability.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Charles Proxy < 4.2.1
No auth needed
Prerequisites: Charles Proxy installed · Local user access · Xcode CLI tools for compilation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45107/

Scores

CVSS v3 7.0
EPSS 0.0076
EPSS Percentile 50.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (1)
charlesproxy/charles < 4.2.1
Published Aug 03, 2018
Tracked Since Feb 18, 2026