CVE-2025-0401

MEDIUM

reggie 1.0 - Path Traversal via CommonController Download Function

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-0401. PoCs published by JoasASantos, CyberSecurityUP, Darabium.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-0401, demonstrating a local privilege escalation via SUID binary abuse. The exploit uses shellcode to execute syscalls for setuid(0), setgid(0), and spawns a root shell, though it ultimately reveals itself as an April Fools' prank.

Description

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (3)

nomisec WORKING POC 36 stars
by JoasASantos · poc
https://github.com/JoasASantos/CVE-2025-0401

This repository contains a functional exploit for CVE-2025-0401, demonstrating a local privilege escalation via SUID binary abuse. The exploit uses shellcode to execute syscalls for setuid(0), setgid(0), and spawns a root shell, though it ultimately reveals itself as an April Fools' prank.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Systems with misconfigured /usr/bin/passwd SUID binary
No auth needed
Prerequisites: Misconfigured SUID binary (/usr/bin/passwd) · Local access to the system
devstral-2 · analyzed Mar 07, 2026

nomisec WORKING POC 36 stars
by CyberSecurityUP · poc
https://github.com/CyberSecurityUP/CVE-2025-0401

This PoC demonstrates a local privilege escalation (LPE) via SUID binary abuse, using syscalls to setuid(0) and setgid(0) followed by spawning a root shell. However, the final output reveals it as an April Fools' prank with no actual privilege escalation.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: Misconfigured /usr/bin/passwd (SUID binary)
No auth needed
Prerequisites: SUID misconfiguration on /usr/bin/passwd · Local access to the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by Darabium · poc
https://github.com/Darabium/Gombruc

The repository contains a bash script exploiting CVE-2025-0401 for Linux privilege escalation. The script manipulates environment variables to spawn a root shell, indicating a local privilege escalation (LPE) vulnerability.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Linux (all versions)
Auth required
Prerequisites: Local access to a vulnerable Linux system · Bash shell access
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.291276
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.291276
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.473322
Issue Tracking issue-tracking
https://github.com/1902756969/reggie/issues/1

Scores

CVSS v3 5.3
EPSS 0.0124
EPSS Percentile 65.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (1)
1902756969/reggie 1.0
Published Jan 13, 2025
Tracked Since Feb 18, 2026