PoC details: 56e198914188a16c5b5a647f3b661b04fbad8735

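Source
Related vulnerability
Title: Seagate Toolkit security vulnerability (CVE-2025-9267)
Description: Seagate Toolkit is software from the US company Seagate for managing and backing up data. Versions of Seagate Toolkit prior to 2.35.0.6 contain a security vulnerability that stems from not validating the origin or integrity of DLLs, which may lead to arbitrary code execution.
Introduction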
# CVE-2025-9267

## Description
In **Seagate Toolkit** on Windows there is an insecure DLL-loading vulnerability in the **Toolkit Installer** (prior to version **2.35.0.6**) where the installer attempts to load DLLs from the current working directory without validating their origin or integrity. An attacker who can place a malicious DLL in the same directory as the installer executable (for example by controlling the working/install directory) can cause the installer to load and execute that DLL with the privileges of the user running the installer, leading to arbitrary code execution. The issue stems from insecure DLL-loading practices such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.
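
A detection-side illustration of the condition described above, added here as an example and not part of the original README or the vendor's code: it filters Sysmon image-load records (Event ID 7) for a DLL loaded from the process's own directory, where that directory is outside the default-protected roots and the DLL lacks a valid signature. The sample events, file names and the protected-root list are constructed assumptions.

```python
import ntpath

# Assumption: roots that standard users cannot write to by default.
PROTECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")

def _norm_dir(path):
    """Directory of a Windows path, normalised for case-insensitive comparison."""
    return ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))

def _protected(directory):
    return any(directory == r or directory.startswith(r + "\\") for r in PROTECTED_ROOTS)

def _validly_signed(event):
    # Field names follow Sysmon Event ID 7 (Signed, SignatureStatus).
    return event.get("Signed", "").lower() == "true" and event.get("SignatureStatus") == "Valid"

def suspicious_loads(events):
    """Return events where a process loaded a DLL from its own directory, the
    directory is outside PROTECTED_ROOTS, and the DLL has no valid signature."""
    hits = []
    for ev in events:
        dll_dir = _norm_dir(ev["ImageLoaded"])
        if dll_dir != _norm_dir(ev["Image"]):
            continue  # loaded from another directory, e.g. System32
        if _protected(dll_dir) or _validly_signed(ev):
            continue
        hits.append(ev)
    return hits

# Constructed sample records (not from the page); all names are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ImageLoaded": r"c:\users\ALICE\downloads\example.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\vendor.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print("REVIEW:", ev["Image"], "loaded", ev["ImageLoaded"])
```

A hit is a lead for review, not a verdict: legitimate installers also ship unsigned DLLs beside the executable.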

## Affected Product
- **Vendor:** Seagate Technology  
- **Product:** Seagate Toolkit  
- **Platform:** Windows  
- **Version:** Prior to 2.35.0.6  
- **Component:** Service executable path

## Vulnerability Details
- **Vulnerability Type:**  
  - CWE-427 — Uncontrolled Search Path Element  
  - CWE-426 — Untrusted Search Path  
- **Attack Type:** Local 
- **Impact:**  
  - Escalation to SYSTEM privileges  
- **CVE ID:** [CVE-2025-9267](https://nvd.nist.gov/vuln/detail/CVE-2025-9267)  
- **CVSS Score (CNA):** 7.0 (High)
- **CVSS Vector:** `CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`

## Discoverer
Natthawut Saexu

## Proof of Concept (PoC)

The tester prepared a malicious DLL and a script to continuously copy it to the user-controlled path.
![PoC Screenshot](images/1.png)

The tester ran the installer and changed the installation path to a user-controllable location.
![PoC Screenshot](images/2.png)

After the installation completed, the tester gained a reverse shell back to the attack machine with SYSTEM privileges.
![PoC Screenshot](images/3.png)
![PoC Screenshot](images/4.png)

## References
- [NVD – CVE-2025-9267](https://nvd.nist.gov/vuln/detail/CVE-2025-9267)  
- [MITRE CVE Record](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9267)  
- [Vendor Advisory – Seagate](https://www.seagate.com/product-security/#security-advisories)
File snapshot

```
[4.0K] /data/pocs/56e198914188a16c5b5a647f3b661b04fbad8735
├── [4.0K] images
│   ├── [ 87K] 1.png
│   ├── [350K] 2.png
│   ├── [520K] 3.png
│   └── [1.4M] 4.png
└── [2.1K] README.md

1 directory, 5 files
```