CVE-2022-37706

HIGH

Ubuntu Enlightenment Mount Priv Esc

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 9 public exploits for CVE-2022-37706. PoCs published by nu11secur1ty, MaherAzzouzi, ECU-10525611-Xander, including Metasploit module exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in Enlightenment's setuid binary (enlightenment_sys) to escalate privileges by manipulating pathnames starting with /dev/.., ultimately spawning a root shell.

Description

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.

Exploits (9)

exploitdb WORKING POC
by nu11secur1ty · textlocallinux
https://www.exploit-db.com/exploits/51180

This exploit leverages a path traversal vulnerability in Enlightenment's setuid binary (enlightenment_sys) to escalate privileges by manipulating pathnames starting with /dev/.., ultimately spawning a root shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment v0.25.3
No auth needed
Prerequisites: Local access to the system · Enlightenment v0.25.3 installed with vulnerable setuid binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 323 stars
by MaherAzzouzi · poc
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit

This repository contains a functional exploit for CVE-2022-37706, a local privilege escalation vulnerability in Enlightenment's SUID binary `enlightenment_sys`. The exploit leverages a command injection flaw in the mount functionality to execute arbitrary commands as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment (enlightenment_sys) on Linux
No auth needed
Prerequisites: Enlightenment installed with vulnerable SUID binary present · Local access to the system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by ECU-10525611-Xander · poc
https://github.com/ECU-10525611-Xander/CVE-2022-37706

This repository contains a functional exploit for CVE-2022-37706, a local privilege escalation vulnerability in Enlightenment's `enlightenment_sys` SUID binary. The exploit leverages a path traversal flaw to execute arbitrary commands with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Enlightenment (enlightenment_sys)
No auth needed
Prerequisites: Enlightenment installed with vulnerable SUID binary present
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by d3ndr1t30x · poc
https://github.com/d3ndr1t30x/CVE-2022-37706

This repository contains a functional exploit for CVE-2022-37706, a local privilege escalation vulnerability in Enlightenment v0.25.3. The exploit abuses improper pathname handling in the `enlightenment_sys` SUID binary to execute arbitrary commands as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment v0.25.3 and earlier
Auth required
Prerequisites: Access to a vulnerable system with Enlightenment installed · Low-privileged user access
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by KaoXx · poc
https://github.com/KaoXx/CVE-2022-37706

The repository contains a functional exploit for CVE-2022-37706, a local privilege escalation vulnerability in the Enlightenment window manager's `enlightenment_sys` binary. The exploit manipulates file paths and leverages the SUID bit to execute arbitrary code as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment window manager (enlightenment_sys binary)
No auth needed
Prerequisites: Enlightenment window manager installed · SUID bit set on enlightenment_sys binary
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by sanan2004 · poc
https://github.com/sanan2004/CVE-2022-37706

The repository contains a functional exploit for CVE-2022-37706, a local privilege escalation vulnerability in Enlightenment's SUID binary `enlightenment_sys`. The exploit leverages a command injection flaw by manipulating file paths and environment variables to execute arbitrary commands as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment (enlightenment_sys) on Linux
No auth needed
Prerequisites: Enlightenment installed with vulnerable SUID binary present · Local access to the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by TACTICAL-HACK · poc
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID

The repository contains a functional exploit for CVE-2022-37706, targeting a privilege escalation vulnerability in Enlightenment v0.25.3 via a SUID binary. The exploit leverages improper path handling in the `enlightenment_sys` binary to execute arbitrary commands with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Enlightenment v0.25.3
No auth needed
Prerequisites: Enlightenment v0.25.3 installed · SUID binary `enlightenment_sys` present on the system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by junnythemarksman · poc
https://github.com/junnythemarksman/CVE-2022-37706

This repository contains a functional exploit for CVE-2022-37706, targeting a local privilege escalation (LPE) vulnerability in the Enlightenment window manager's SUID binary. The exploit leverages improper path handling to execute arbitrary commands with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment window manager (specific version not specified)
No auth needed
Prerequisites: Enlightenment installed with vulnerable SUID binary · Local access to the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC GREAT
by h00die, Maher Azzouzi · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.rb

This Metasploit module exploits a command injection vulnerability in Enlightenment's enlightenment_sys binary (CVE-2022-37706) by injecting a semi-colon to execute arbitrary commands, achieving local privilege escalation on Ubuntu 22.04.1 with enlightenment 0.25.3-1.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Enlightenment enlightenment_sys (0.25.3-1)
No auth needed
Prerequisites: SUID enlightenment_sys binary · Write access to a directory (default /tmp)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0549
EPSS Percentile 91.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (1)
enlightenment/enlightenment < 0.25.4
Published Dec 25, 2022
Tracked Since Feb 18, 2026