CVE-2024-25291

CRITICAL

Deskfiler 1.2.3 - Remote Code Execution via Crafted Plugin Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25291. PoCs published by EQSTLab.

AI-analyzed exploit summary This PoC demonstrates a remote code execution (RCE) vulnerability in DeskFiler 1.2.3 via Electron webview manipulation. The exploit involves crafting a malicious plugin that redirects to an attacker-controlled server, which then executes arbitrary commands (e.g., launching calc.exe).

Description

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

Exploits (1)

nomisec WORKING POC

by EQSTLab · poc

https://github.com/EQSTLab/CVE-2024-25291

View Code ZIP pw:eip

This PoC demonstrates a remote code execution (RCE) vulnerability in DeskFiler 1.2.3 via Electron webview manipulation. The exploit involves crafting a malicious plugin that redirects to an attacker-controlled server, which then executes arbitrary commands (e.g., launching calc.exe).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DeskFiler 1.2.3

No auth needed

Prerequisites: Attacker-controlled server hosting malicious HTML/JS · Victim must install the malicious plugin

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291

Scores

CVSS v3 9.8

EPSS 0.0160

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

deskfiler/deskfiler 1.2.3

Published Feb 29, 2024

Tracked Since Feb 18, 2026