## https://sploitus.com/exploit?id=0A19BE4B-E2F2-542C-B69F-D578E6D27C3F
# CVE-2025-27590 - PoC Exploit (Command Injection via Multipart Form Upload)

## 📌 Description

This is a Proof-of-Concept (PoC) exploit for **CVE-2025-27590**, a command injection vulnerability affecting web applications that process multipart file uploads without proper sanitization. The vulnerability allows remote attackers to execute arbitrary shell commands by crafting malicious form-data payloads.

---

## 🧠 Vulnerability Summary

- **Type**: Command Injection
- **Vector**: HTTP `multipart/form-data`
- **Affected Parameters**: `cloginrc` and `file1` form parts
- **Impact**: Arbitrary shell command execution, including SSH key injection
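
For defenders, one way to triage captured HTTP requests for this vector is to parse the multipart body and flag any POST that carries the `cloginrc` or `file1` parts. This is an added example, not part of the original PoC; the request dict shape, the `/placeholder` path, the source addresses and the sample bodies are constructed assumptions.

```python
from email.parser import BytesParser

# Form part names listed in the vulnerability summary above.
AFFECTED_PARTS = {"cloginrc", "file1"}

def multipart_parts(content_type, body):
    """Return [(name, filename, size)] per form part; [] if not parseable multipart/form-data."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Prepend the Content-Type header so the stdlib MIME parser can find the boundary.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    if not msg.is_multipart():  # missing or mismatched boundary
        return []
    parts = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        parts.append((name, part.get_filename(), len(data)))
    return parts

def triage(request):
    """Return a finding dict if a POST carries an affected part name, else None."""
    if request["method"] != "POST":
        return None
    parts = multipart_parts(request["content_type"], request["body"])
    matched = sorted(AFFECTED_PARTS & {p[0] for p in parts})
    if not matched:
        return None
    return {"src": request["src"], "path": request["path"], "matched": matched, "parts": parts}

# Constructed sample requests (addresses, path and bodies are placeholders).
SAMPLES = [
    {"src": "192.0.2.10", "method": "POST", "path": "/placeholder",
     "content_type": "multipart/form-data; boundary=b1",
     "body": b'--b1\r\nContent-Disposition: form-data; name="cloginrc"; filename="a.txt"\r\n\r\nplaceholder\r\n'
             b'--b1\r\nContent-Disposition: form-data; name="file1"; filename="b.txt"\r\n\r\nplaceholder\r\n--b1--\r\n'},
    {"src": "192.0.2.11", "method": "POST", "path": "/placeholder",
     "content_type": "multipart/form-data; boundary=b2",
     "body": b'--b2\r\nContent-Disposition: form-data; name="avatar"; filename="me.png"\r\n\r\nPNG\r\n--b2--\r\n'},
]

def findings(requests):
    """Run triage over an iterable of request dicts and keep only the hits."""
    return [f for f in map(triage, requests) if f]

if __name__ == "__main__":
    for f in findings(SAMPLES):
        print(f)
```

A match on part names alone only marks a request for review; whether these parts are expected from a given source depends on the deployment.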

---

## 🚀 Usage

```bash
python3 exploit_cve_2025_27590.py -u <TARGET_IP_OR_DOMAIN> -p <PORT> -l <PATH_TO_WRITE>
```

Example:

```bash
python3 exploit_cve_2025_27590.py -u 172.20.221.195 -p 8888 -l /home/oxidized/.bashrc
```