CVE-2025-50505

HIGH

Clash Verge Rev <2.3.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-50505. PoCs published by a0yami, bron1e.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-50505, an unauthenticated API vulnerability in Clash Verge Rev that allows arbitrary command execution and privilege escalation. It includes exploitation vectors for both local privilege escalation and remote code execution via LAN or DNS rebinding attacks.

Description

Clash Verge Rev through 2.2.3 (fixed in 2.3.0) forces the installation of a system service (`clash-verge-service`) by default and exposes key functions through the unauthenticated HTTP API endpoint `/start_clash`. Local users can submit an arbitrary `bin_path` parameter, which is passed directly to the service process for execution, resulting in local privilege escalation.

Exploits (2)

nomisec WRITEUP 15 stars
by a0yami · poc
https://github.com/a0yami/CVE-2025-50505

This repository provides a detailed technical analysis of CVE-2025-50505, an unauthenticated API vulnerability in Clash Verge Rev that allows arbitrary command execution and privilege escalation. It includes exploitation vectors for both local privilege escalation and remote code execution via LAN or DNS rebinding attacks.

Classification: Writeup 100%
Attack Type: RCE | LPE
Complexity: Moderate
Reliability: Reliable
Target: Clash Verge Rev <= v2.2.3
No auth needed
Prerequisites: Clash Verge Rev installed with elevated privileges · LAN access or DNS rebinding setup for RCE
devstral-2 · analyzed Mar 23, 2026

nomisec WRITEUP 15 stars
by bron1e · poc
https://github.com/bron1e/CVE-2025-50505

This repository provides a detailed technical analysis of CVE-2025-50505, an unauthenticated API vulnerability in Clash Verge Rev that allows arbitrary command execution and privilege escalation. It includes root cause analysis, vulnerable code snippets, and exploitation vectors for both local and remote scenarios.

Classification: Writeup 100%
Attack Type: RCE | LPE
Complexity: Moderate
Reliability: Reliable
Target: Clash Verge Rev <= v2.2.3
No auth needed
Prerequisites: Clash Verge Rev installed with elevated privileges · LAN access or DNS rebinding setup for RCE
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 11.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-250
Status published
Published Oct 07, 2025
Tracked Since Feb 18, 2026