{"uuid": "0d70dbf0-bb91-4191-a1fe-06ba86b13fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12744", "type": "published-proof-of-concept", "source": "https://t.me/P0x3k_1N73LL1G3NC3/205", "content": "CVE-2025-12744: Local Privilege Escalation in Fedora Linux via ABRT.\n\nThe ABRT (Automatic Bug Reporting Tool) daemon is a root process that runs an HTTP server on a world-writable UNIX socket to accept error reports from any process. It passes 12 characters of user-controlled text directly into a shell command, with minimal validation. Using a specially crafted multi-stage payload, an attacker can force the ABRT daemon to run arbitrary shell commands. This includes escaping ABRT\u2019s systemd sandbox and gaining complete control over the system.\n\nWriteup: https://initblog.com/2025/abrt-root/\n\nPOC: https://github.com/initstring/abrt_root", "creation_timestamp": "2025-12-07T06:50:28.000000Z"}