Share
## https://sploitus.com/exploit?id=F354B053-13FC-5D86-AFC6-896F8615D804
# CVE-2025-6018-and-CVE-2025-6019-Privilege-Escalation
This is just a quick note on how to exploit these vulnerabilities to get root.

Start by utilizing this tool on the attacker machine:
[[https://raw.githubusercontent.com/ibrahmsql/CVE-2025-6018/refs/heads/main/CVE-202](https://github.com/ibrahmsql/CVE-2025-6018)

You should now have a shell as the user. If it fails on HTB, just restart the machine if you can.

Then use this script locally on the attacker machine as sudo (Use Option L to generate):
[https://raw.githubusercontent.com/guinea-offensive-security/CVE-2025-6019/](https://github.com/guinea-offensive-security/CVE-2025-6019)

Once the xfs.image file is created, move both the script you ran locally and the xfs.image file to the victim using wget or SCP.

Run this before starting the sript: 
export PATH=$PATH:/sbin:/usr/sbin

Run the CVE-2025-6019 script and use the option C. 

You should now have root.