CVE-2025-4138

This repository contains a proof-of-concept exploit for CVE-2025-4138 and CVE-2025-4517, which involve a path traversal vulnerability in Python's tarfile module. The exploit bypasses extraction filters via a symlink chain that exceeds PATH_MAX, enabling arbitrary file writes and potential privilege escalation.

This repository contains a functional exploit for CVE-2025-4138, which bypasses Python's tarfile filter by leveraging a PATH_MAX symlink chain to achieve arbitrary file write outside the extraction directory. The exploit constructs a malicious tar file with a series of symlinks that overflow the path resolution buffer, allowing an attacker to write files to arbitrary locations on the target system.

This exploit leverages a tar symlink path traversal vulnerability (CVE-2025-4138) to escape directory restrictions and overwrite /root/.ssh/authorized_keys, achieving root RCE via SSH. The PoC automates key generation, malicious tar creation, and exploit triggering.

This repository contains a functional Python script that generates a malicious tar archive exploiting CVE-2025-4138 (Path Traversal via PATH_MAX Truncation in Python's tarfile module). The exploit creates a symlink chain to bypass path resolution checks and writes a sudoers file to grant passwordless root access.

This repository contains a functional exploit for CVE-2025-4138, a directory traversal vulnerability in Python's TarFile module. The exploit leverages symlinks and path manipulation to bypass PATH_MAX checks, allowing arbitrary file writes (e.g., SSH authorized_keys) for privilege escalation.