CVE-2019-25066

MEDIUM

ajenti <2.1.31 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-25066. PoCs published by Jeremy Brown, Jeremy Brown, Onur ER <[email protected]>, including Metasploit module exploits/unix/webapp/ajenti_auth_username_cmd_injection.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Ajenti's authentication mechanism by embedding shell commands in the JSON username field, leading to remote code execution. It demonstrates both direct command execution and a reverse shell via cron job manipulation.

Description

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.

Exploits (2)

exploitdb WORKING POC

by Jeremy Brown · pythonwebappspython

https://www.exploit-db.com/exploits/47497

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in Ajenti's authentication mechanism by embedding shell commands in the JSON username field, leading to remote code execution. It demonstrates both direct command execution and a reverse shell via cron job manipulation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ajenti 2.1.31

No auth needed

Prerequisites: Network access to the target's Ajenti web interface (port 8000)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Jeremy Brown, Onur ER <[email protected]> · rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Ajenti 2.1.31 by injecting a Python payload into the username parameter during authentication. It leverages the API endpoint `/api/core/auth` to execute arbitrary commands, resulting in remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ajenti 2.1.31

No auth needed

Prerequisites: Network access to the target · Ajenti service exposed on port 8000

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/47497

Patch, Third Party Advisory x_refsource_misc

https://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767c

Exploit, Patch, Third Party Advisory x_refsource_misc

https://vuldb.com/?id.143950

Scores

CVSS v3 6.3

EPSS 0.0512

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-78 CWE-269

Status published

Products (1)

ajenti/ajenti 2.1.31

Published Jun 09, 2022

Tracked Since Feb 18, 2026