CVEs-PoC/2025/CVE-2025-1731.md at 4e4e30233e70832d643d5c6ab6fbfa6f130b4bb1

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-03 12:58:02 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.

POC

Reference

No PoCs from references.

Github

https://github.com/0xdea/advisories
https://github.com/0xdea/exploits
https://github.com/hnsecurity/vulns
https://github.com/rainpwn/exploits

1.2 KiB Raw Blame History

CVE-2025-1731

Description

POC

Reference

Github

1.2 KiB

Raw Blame History