CVE-2025-69257

Published: Dic 30, 2025 Last Modified: Dic 31, 2025
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,7
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., `~/.config/theshit/`) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with `sudo` or otherwise runs with an effective UID of root, it continues to trust configuration files originating from the unprivileged user's environment. This allows a local attacker to inject arbitrary Python code via a malicious rule or configuration file, which is then executed with root privileges. Any system where this tool is executed with elevated privileges is affected. In environments where the tool is permitted to run via `sudo` without a password (`NOPASSWD`), a local unprivileged user can escalate privileges to root without additional interaction. The issue has been fixed in version 0.1.1. The patch introduces strict ownership and permission checks for all configuration files and custom rules. The application now enforces that rules are only loaded if they are owned by the effective user executing the tool. When executed with elevated privileges (`EUID=0`), the application refuses to load any files that are not owned by root or that are writable by non-root users. When executed as a non-root user, it similarly refuses to load rules owned by other users. This prevents both vertical and horizontal privilege escalation via execution of untrusted code. If upgrading is not possible, users should avoid executing the application with `sudo` or as the root user. As a temporary mitigation, ensure that directories containing custom rules and configuration files are owned by root and are not writable by non-root users. Administrators may also audit existing custom rules before running the tool with elevated privileges.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 75 Days)

269

Improper Privilege Management

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
829

Inclusion of Functionality from Untrusted Control Sphere

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/AsfhtgkDavid/theshit/commit/8e0b565e7876…
https://github.com/AsfhtgkDavid/theshit/commit/8e0b565e7876a83b0e1cfbacb8af39da…
https://github.com/AsfhtgkDavid/theshit/security/advisories…
https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-95qg-89c2-w5hj