Share
## https://sploitus.com/exploit?id=593D695F-5691-5D05-B5AF-3AED23364FB0
# CVE-2025-6019-udisks-lpe-no-image
Script-only privilege escalation chain using CVE-2025-6019 and UDisks2 (no filesystem image included).

# Credits, Context & Exploit Chain

This repository does not introduce a new vulnerability.
The privilege-escalation technique implemented here is fully based on previously published research.
I could not find an existing script that operates without on-target image creation, which motivated the creation of this automation script.

# Original Research & Advisory

The root cause analysis, exploitation workflow, and mitigation guidance were researched and disclosed by the original CVE authors:

๐Ÿ”— https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

All credit goes to the original researchers for the discovery and responsible disclosure.

Exploit Chain Overview

**This script is not a standalone exploit and must be used as part of a chained attack path.**

# Required Exploitation Flow

**CVE-2025-6018 must be exploited first**
This step is required to obtain the correct execution context and D-Bus permissions.
This repository does not provide an exploit for CVE-2025-6018.

After successful exploitation of CVE-2025-6018, the attacker gains the ability to interact with:

org.freedesktop.login1
org.freedesktop.UDisks2

A crafted sequence of gdbus and udisks operations is then used to trigger a logic flaw,
resulting in a privileged filesystem operation.

This ultimately leads to the creation of a SUID-privileged shell, allowing escalation to root.

# Filesystem Image Requirement

This PoC is specifically adapted for systems where mkfs.xfs is NOT available on the target.
Instead of creating a filesystem dynamically, it relies on a pre-existing XFS image.
The image creation process and recommended workflow are documented in the original advisory and must be followed exactly:

๐Ÿ”— https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

**The image must be prepared separetly before running this script and is considered part of the overall exploit chain.**

Assumptions & Scope

Target system is a vulnerable SUSE / openSUSE-based environment
**CVE-2025-6018 has already been successfully exploited**
Required D-Bus services are available and reachable
This script focuses on reliability and clarity, not stealth or evas