## https://sploitus.com/exploit?id=5F914613-99B6-5471-9C8F-18D1B5B35813
# CVE-2025-4138 Auto-Sudo Generator
A Python script to generate a malicious tar archive that exploits **CVE-2025-4138** / **CVE-2025-4517** (Path Traversal via `PATH_MAX` Truncation).
Successfully exploiting this vulnerability allows an attacker to bypass `tarfile` extraction filters and write arbitrary files to the filesystem. This tool specifically targets `/etc/sudoers.d/` to grant passwordless root privileges.
## Usage
Generate the exploit payload:
```bash
python3 exploit.py -o exploit.tar
```
### Options
* `-o, --output`: **Required**. The path to save the malicious tar file.
* `-u, --user`: **Optional**. The target username to grant sudo privileges to. Defaults to the current user running the script.
## Attack Workflow
1. **Generate**: Run the script to create `exploit.tar`.
```bash
python3 exploit.py -o exploit.tar
```
2. **Deploy**: Transfer `exploit.tar` to the target machine.
3. **Trigger**: Wait for a privileged process (e.g., system backup, update tool, or SUID binary) running a vulnerable Python version to extract the archive.
```bash
sudo /usr/local/bin/python3 vulnerable.py -b exploit.tar -r restore_final
```
* **Vulnerable Versions**: Python 3.12.0โ3.12.10, 3.13.0โ3.13.3.
4. **Escalate**: Once extracted, the payload `/etc/sudoers.d/` is created.
```bash
sudo su
# Enjoy root shell
```
## Disclaimer
This tool is for educational purposes and authorized security research only. Misuse of this software violates the law. The author is not responsible for any damage caused by the use of this tool.
---
*CVE-2025-4138 Auto-Sudo by kyakei*