CVE-2025-12744

HIGH

Red Hat ABRT - Command Injection via Mount Information

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-12744. PoCs published by Chris, initstring.

AI-analyzed exploit summary This is a functional local privilege escalation exploit for CVE-2025-12744, targeting a command injection vulnerability in the ABRT daemon on Fedora Linux (versions 43 and below). The exploit uses a multi-stage approach to bypass character restrictions and ultimately modify `/etc/sudoers` to grant the current user passwordless sudo access.

Description

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Exploits (2)

exploitdb FAILED

by Chris · pythonlocallinux

https://www.exploit-db.com/exploits/52515

View Code ZIP pw:eip

nomisec WORKING POC 6 stars

by initstring · poc

https://github.com/initstring/abrt_root

View Code ZIP pw:eip

This is a functional local privilege escalation exploit for CVE-2025-12744, targeting a command injection vulnerability in the ABRT daemon on Fedora Linux (versions 43 and below). The exploit uses a multi-stage approach to bypass character restrictions and ultimately modify `/etc/sudoers` to grant the current user passwordless sudo access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Fedora Linux ABRT daemon (versions 43 and below)

Auth required

Prerequisites: Local user access on a vulnerable Fedora Linux system · ABRT daemon running with default configuration · Write permissions in the current working directory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-12744

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2412467

Scores

CVSS v3 8.8

EPSS 0.0056

EPSS Percentile 42.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Published Dec 03, 2025

Tracked Since Feb 18, 2026