CVE-2024-25082

This repository contains a detailed technical writeup for CVE-2024-25082, focusing on a prototype pollution vulnerability in a Node.js application. It includes a step-by-step analysis of the vulnerability, exploitation steps, and patching guidance.

This is a detailed technical writeup of a HackTheBox machine (VariaType) that includes an exploitation chain involving multiple CVEs, including CVE-2024-25082. It provides in-depth analysis of each step, from initial access via exposed git history to privilege escalation using a setuptools vulnerability.

This repository contains a functional exploit for CVE-2024-25082, demonstrating remote code execution in FontForge via a crafted ZIP archive with a malicious filename. The exploit generates a reverse shell payload and embeds it in a ZIP file, which when processed by the vulnerable software, executes arbitrary commands.

This repository contains a functional proof-of-concept exploit for CVE-2024-25082, demonstrating command injection in FontForge via crafted TAR archive filenames. The exploit leverages unsanitized filenames to execute arbitrary shell commands, resulting in remote code execution.