Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-57392. PoCs published by meisterlos.
AI-analyzed exploit summary This PoC demonstrates an insecure file permissions vulnerability in BenimPOS Desktop V3.0, allowing standard users to replace executable files with malicious ones due to overly permissive ACLs. The exploit involves replacing BenimPOS.exe with a custom executable (e.g., launching calc.exe) to achieve privilege escalation or code execution.
Description
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon launch by another user or elevated context.
Exploits (1)
This PoC demonstrates an insecure file permissions vulnerability in BenimPOS Desktop V3.0, allowing standard users to replace executable files with malicious ones due to overly permissive ACLs. The exploit involves replacing BenimPOS.exe with a custom executable (e.g., launching calc.exe) to achieve privilege escalation or code execution.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H