CVE-2025-47273

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools v78.1.0. The PoC demonstrates arbitrary file write by leveraging os.path.join() behavior with attacker-controlled URLs, leading to potential privilege escalation or RCE.

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools v78.1.0. The PoC includes a malicious server and a command to overwrite arbitrary files, such as /root/.ssh/authorized_keys, leading to privilege escalation.

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools version 78.1.0. The exploit leverages os.path.join() behavior to overwrite arbitrary files, demonstrated by overwriting /root/.ssh/authorized_keys for privilege escalation.

This repository contains a functional proof-of-concept exploit for CVE-2025-47273, a path traversal vulnerability in Python setuptools < 78.1.1. The exploit leverages the `PackageIndex` component's `_download_url` function to write arbitrary files to any location on the filesystem, demonstrated by writing an SSH public key to `/root/.ssh/authorized_keys`.

The repository contains functional exploit code for CVE-2025-32433, targeting Erlang/OTP SSH. The PoC demonstrates a pre-authentication RCE by sending crafted SSH packets to execute arbitrary commands on the server.