## https://sploitus.com/exploit?id=569A1192-388B-59BA-8A9D-7D0B12A341C8
# CVE-2025-5419
An uninitialized read vulnerability by incorrect Turboshaft Store-Store Elimination in V8.
This repository contains analysis and stablized exploit to escalate this vulnerability to achieve in-V8-sandbox Arbitrary Read / Write, AddressOf & FakeObject primitives.
Analysis: [CVE-2025-5419.pdf](CVE-2025-5419.pdf)
## Reproduce Information
- OS: Ubuntu 24.04
- Git Commit: [609a85c2a1bd77d6f6905369f4bc4fcf34c5db09](https://chromium.googlesource.com/v8/v8/+/609a85c2a1bd77d6f6905369f4bc4fcf34c5db09)
## Acknowledgement
- Shoutout to [Clement Lecigne @_clem1](https://x.com/_clem1) and [Benoît Sevens @benoitsevens](https://x.com/benoitsevens) for finding the bug.
- Shoutout to [@mistymntncop](https://x.com/mistymntncop) for providing a wonderfully crafted exploit.
## References
1. https://issues.chromium.org/issues/420636529
2. https://github.com/mistymntncop/CVE-2025-5419/blob/main/exploit.js
3. https://chromium-review.googlesource.com/c/v8/v8/+/6594051
## Disclaimer
This repository is intended solely for educational purposes and must not be used for any malicious activities.