CVE-2019-5475

HIGH LAB

Sonatype Nexus Repository Manager 2.0-2.14.8 - Remote Code Execution via Yum Configuration Capability

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2019-5475. PoCs published by jaychouzzk, EXP-Docs, rabbitmask.

AI-analyzed exploit summary: This PoC exploits CVE-2019-5475 in Nexus Repository Manager by sending a malicious PUT request to the capabilities endpoint, injecting a reverse shell payload via the 'createrepoPath' property. The payload attempts to establish a reverse shell connection to 127.0.0.1 on port 6666.

Description

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Exploits (4)

nomisec WORKING POC 7 stars
by jaychouzzk · poc
https://github.com/jaychouzzk/CVE-2019-5475-Nexus-Repository-Manager-

This PoC exploits CVE-2019-5475 in Nexus Repository Manager by sending a malicious PUT request to the capabilities endpoint, injecting a reverse shell payload via the 'createrepoPath' property. The payload attempts to establish a reverse shell connection to 127.0.0.1 on port 6666.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Nexus Repository Manager
No auth needed
Prerequisites: Network access to the target Nexus Repository Manager instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 4 stars
by EXP-Docs · poc
https://github.com/EXP-Docs/CVE-2019-5475

This repository contains a proof-of-concept exploit for CVE-2019-5475 and CVE-2019-15588, which are command injection vulnerabilities in Nexus Repository Manager's Yum plugin. The PoC demonstrates remote code execution (RCE) via command injection in the 'createrepo' and 'mergerepo' path fields.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Nexus Repository Manager (versions 2.14.9 and 2.14.14)
Auth required
Prerequisites: Admin credentials for Nexus Repository Manager · Access to the Nexus administration interface
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 4 stars
by rabbitmask · poc
https://github.com/rabbitmask/CVE-2019-5475-EXP

This PoC exploits CVE-2019-5475, a remote command execution vulnerability in Nexus Repository Manager 2.x. It leverages the 'mergerepo' configuration to inject and execute arbitrary commands via a crafted JSON payload.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Nexus Repository Manager 2.x
Auth required
Prerequisites: Valid authentication credentials · Access to the target URL
devstral-2 · analyzed Feb 16, 2026

inthewild WORKING POC
poc
https://github.com/lyy289065406/cve-2019-5475

This repository provides a functional exploit PoC for CVE-2019-5475, a command injection vulnerability in Nexus Repository Manager's Yum plugin. It includes Docker-based environments for both CVE-2019-5475 and CVE-2019-15588, along with Java code to simulate the vulnerability and payloads for RCE.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Nexus Repository Manager (2.14.9, 2.14.14)
Auth required
Prerequisites: admin credentials (default: admin/admin123) · Docker and docker-compose installed
devstral-2 · analyzed Feb 23, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/654888

Scores

CVSS v3: 8.8
EPSS: 0.7960
EPSS Percentile: 99.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Community Lab
docker pull sonatype/nexus:2.14.9-01
docker pull sonatype/nexus:2.14.14-01

Details

CWE: CWE-78
Status: published
Products (2)
org.sonatype.nexus.plugins/nexus-yum-repository-plugin 0 - 2.14.14 (Maven)
sonatype/nexus_repository_manager 2.0 - 2.14.9-01
Published: Sep 03, 2019
Tracked Since: Feb 18, 2026