CVE-2024-25081

MEDIUM

FontForge <20230101 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-25081. PoCs published by AliElKhatteb, InzegoSec.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-25081 (FontForge command injection via malicious ZIP filenames) and CVE-2025-47273 (setuptools path traversal for SSH key deployment). Both exploits are complete with reverse shell generation and HTTP server setup.

Description

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

Exploits (2)

github FAILED 1 stars

by AliElKhatteb · poc

https://github.com/AliElKhatteb/CVE-2024-25082_CVE-2024-25081

View Code ZIP pw:eip

nomisec WORKING POC

by InzegoSec · poc

https://github.com/InzegoSec/CVE-2024-25081_2025-47273

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-25081 (FontForge command injection via malicious ZIP filenames) and CVE-2025-47273 (setuptools path traversal for SSH key deployment). Both exploits are complete with reverse shell generation and HTTP server setup.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FontForge ≤ 20230101 and setuptools < 78.1.1

No auth needed

Prerequisites: network access to target · ability to deliver malicious ZIP file (CVE-2024-25081) · write access to sensitive directories (CVE-2025-47273)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 20, 2026 Full analysis →