Exploitation Summary
EIP tracks 16 public exploits for CVE-2025-4517. PoCs published by DesertDemons, AzureADTrent, adminlove520.
AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-4138 and CVE-2025-4517, which involve a path traversal vulnerability in Python's tarfile module. The vulnerability allows arbitrary file writes through symlink manipulation and filter bypass, leading to privilege escalation.
Description
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and the filter= parameter set to "data" or "tar". See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Exploits (16)
This repository provides a detailed technical analysis of CVE-2025-4138 and CVE-2025-4517, which involve a path traversal vulnerability in Python's tarfile module. The vulnerability allows arbitrary file writes through symlink manipulation and filter bypass, leading to privilege escalation.
This repository contains a functional exploit for CVE-2025-4517, which leverages a tarfile symlink bypass via hardlink to achieve privilege escalation by writing to /etc/sudoers. The exploit uses a combination of deep directory structures, symlink chains, and hardlinks to bypass Python's tarfile filter protections.
This repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.
This PoC exploits CVE-2025-4517, a path traversal vulnerability in Python's tarfile module, to overwrite /etc/sudoers and grant arbitrary users sudo privileges. It constructs a malicious tar archive with symlinks to bypass path checks and injects a sudoers entry for a specified user.
This repository contains a functional exploit for CVE-2025-4517, leveraging a tarfile symlink bypass via hardlink manipulation to achieve privilege escalation by writing to /etc/sudoers. The exploit uses a multi-phase approach with deep directory structures and symlink chains to bypass Python's tarfile filter protections.
This repository contains a functional exploit for CVE-2025-4517, leveraging a tarfile symlink and hardlink bypass to achieve privilege escalation by writing to /etc/sudoers. The exploit creates a malicious tar archive that manipulates path traversal and hardlinks to bypass Python's tarfile filter protections.
This repository contains a functional exploit for CVE-2025-4517, which leverages a tarfile symlink bypass via hardlink to achieve privilege escalation by writing to /etc/sudoers. The exploit uses a combination of deep directory structures, symlink loops, and hardlinks to bypass Python's tarfile filter protections.
This PoC exploits a path traversal vulnerability in Python's tarfile module (CVE-2025-4517) to overwrite arbitrary files, specifically targeting /etc/sudoers. It uses a combination of symlink loops, hard links, and directory traversal to achieve arbitrary file write during tar extraction.
This repository contains a functional exploit for CVE-2025-4517, which bypasses Python's tarfile filter='data' sandbox by crafting paths exceeding PATH_MAX, allowing arbitrary file writes. The PoC writes an SSH public key to /root/.ssh/authorized_keys for root access.
The repository contains functional exploit code for CVE-2025-4517, demonstrating a tarfile directory traversal vulnerability. The Python script creates a malicious tar archive with deep directory structures and symbolic links, which can be used to exploit the vulnerability.
This repository contains a functional exploit for CVE-2025-4517, which leverages a tarfile symlink and hardlink bypass in Python to achieve privilege escalation by writing to /etc/sudoers. The exploit creates a malicious tar archive that manipulates path traversal and hardlinks to bypass Python's tarfile filter protections.
This repository contains a functional exploit for CVE-2025-4517, leveraging a PATH_MAX overflow in Python's tarfile module to bypass security filters and write arbitrary files. The exploit specifically targets /etc/sudoers.d/ to achieve local privilege escalation by adding a user to the sudoers file.
This PoC exploits a directory traversal vulnerability in tar archive handling, allowing arbitrary file write via crafted symlinks and path traversal sequences. The script generates a malicious tar file that can escape intended directories and write files to arbitrary locations on the system.
This repository contains a functional Python script that generates a malicious tar archive exploiting CVE-2025-4138/CVE-2025-4517 (PATH_MAX truncation in Python's tarfile module) to achieve local privilege escalation by writing to /etc/sudoers.d/. The exploit constructs a symlink chain to bypass path resolution checks and injects a sudoers file granting passwordless root access.
This repository contains a functional exploit for CVE-2025-4517, which leverages a PATH_MAX overflow in Python's tarfile module to bypass symlink filters during tar extraction. The exploit constructs a malicious tar archive that can write arbitrary files to sensitive locations (e.g., /root/.ssh/authorized_keys) by chaining symlinks to exceed path length limits.
This repository contains a functional exploit PoC for CVE-2025-4517, which bypasses Python's tarfile.extractall filter via a PATH_MAX overflow in os.path.realpath(). The exploit generates a malicious tar archive that writes arbitrary files outside the extraction directory.
References (12)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L