CVE-2025-54769 PoC — KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal

Associated Vulnerability
Title: KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal (CVE-2025-54769)
Description: An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Description
A C‑based proof‑of‑concept exploit for CVE‑2025‑54769, automating the creation and upload of a malicious Perl CGI script to LPAR2RRD’s upgrade endpoint, leveraging directory traversal for remote code execution.
Readme
# CVE-2025-54769 – LPAR2RRD (RCE)

## Description

This repository contains a Proof-of-Concept (PoC) exploit for CVE-2025-54769, a vulnerability found in LPAR2RRD.

The vulnerability allows remote code execution (RCE) and directory traversal by abusing the /lpar2rrd-cgi/upgrade.sh endpoint. The exploit workflow is as follows:

- Script Generation: Automatically creates a malicious Perl CGI payload (users.pl) that executes arbitrary shell commands (default: whoami).
- Payload Upload: Uses libcurl to POST the generated script as an "upgrade package" to the vulnerable endpoint, bypassing basic file validation.
- Directory Traversal: Exploits a path traversal flaw to move the uploaded script into the CGI directory, making it accessible for execution.
- Command Execution & Retrieval: Triggers the CGI script via a crafted GET request (/lpar2rrd-cgi/users.sh?cmd=commandLinux) and captures the command output for the attacker.
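
For defenders, the upload-then-trigger sequence in the workflow above leaves a recognisable pattern in web server access logs. The following is an added example, not part of the original repository: it flags clients that POST to the upgrade endpoint and then request users.sh with a cmd parameter shortly afterwards. The combined log format, the 10-minute window and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

UPLOAD_PATH = "/lpar2rrd-cgi/upgrade.sh"  # upload endpoint named in the README
TRIGGER_PATH = "/lpar2rrd-cgi/users.sh"   # CGI requested after the upload
WINDOW = timedelta(minutes=10)            # assumed correlation window

# Apache/nginx "combined" log format (assumption; adapt to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Parse one access-log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {"ip": m["ip"], "user": m["user"], "method": m["method"],
            "path": url.path, "status": int(m["status"]),
            "query": parse_qs(url.query, keep_blank_values=True),
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_upload_then_trigger(lines):
    """Flag clients that POST an upgrade package, then call users.sh?cmd=."""
    last_upload, findings = {}, []
    for e in filter(None, map(parse, lines)):
        if e["method"] == "POST" and e["path"] == UPLOAD_PATH and e["status"] < 400:
            last_upload[e["ip"]] = e  # remember the latest accepted upload
        elif e["path"] == TRIGGER_PATH and "cmd" in e["query"]:
            up = last_upload.get(e["ip"])
            if up and timedelta(0) <= e["time"] - up["time"] <= WINDOW:
                findings.append({"ip": e["ip"], "user": e["user"],
                                 "uploaded": up["time"], "triggered": e["time"],
                                 "cmd": e["query"]["cmd"][0]})
    return findings

# Constructed sample log lines (documentation IP ranges, invented users).
SAMPLE_LOG = [
    '192.0.2.44 - ops [12/Aug/2025:09:00:00 +0000] "POST /lpar2rrd-cgi/upgrade.sh HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - viewer [12/Aug/2025:10:01:02 +0000] "POST /lpar2rrd-cgi/upgrade.sh HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.7 - viewer [12/Aug/2025:10:01:05 +0000] "GET /lpar2rrd-cgi/users.sh?cmd=whoami HTTP/1.1" 200 64 "-" "curl/8.5.0"',
    '203.0.113.20 - admin [12/Aug/2025:10:03:00 +0000] "GET /lpar2rrd-cgi/users.sh?cmd=sample HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '192.0.2.44 - ops [12/Aug/2025:11:30:00 +0000] "GET /lpar2rrd-cgi/users.sh?cmd=sample HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_upload_then_trigger(SAMPLE_LOG):
        print(f"{f['ip']} ({f['user']}): upload {f['uploaded']} -> cmd={f['cmd']!r} at {f['triggered']}")
```

Paths are compared exactly, so normalise percent-encoding and duplicate slashes first if the web server logs the raw request target.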


## Usage

```
gcc exploit.c argparse.c -o exploit -lcurl
./exploit -i <IP> -p <PORT> -t <PROTOCOL>
```
- Verbose Mode:
```
./exploit -i <IP> -p <PORT> -t <PROTOCOL> -v
```

Replace `<IP>` with the address of the target LPAR2RRD instance. The target port should match the service (e.g., 80 for HTTP, 443 for HTTPS), and the protocol should be either http or https.

## References

- NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-54769
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-54769

## License

MIT License