CVE-2025-69257 (CNNVD-202512-5080)

MEDIUM
中文标题:
The Shit 安全漏洞
英文标题:
theshit vulnerable to unsafe loading of user-owned Python rules when running as root.
CVSS分数: 6.7
发布时间: 2025-12-30 19:15:17
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

The Shit是AsfhtgkDavid个人开发者的一个用于自动检测和修复shell命令中的常见错误的命令行实用程序。 The Shit 0.1.1之前版本存在安全漏洞,该漏洞源于以高权限运行时未验证配置文件和规则的所有权,可能导致权限提升。

英文描述:

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., `~/.config/theshit/`) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with `sudo` or otherwise runs with an effective UID of root, it continues to trust configuration files originating from the unprivileged user's environment. This allows a local attacker to inject arbitrary Python code via a malicious rule or configuration file, which is then executed with root privileges. Any system where this tool is executed with elevated privileges is affected. In environments where the tool is permitted to run via `sudo` without a password (`NOPASSWD`), a local unprivileged user can escalate privileges to root without additional interaction. The issue has been fixed in version 0.1.1. The patch introduces strict ownership and permission checks for all configuration files and custom rules. The application now enforces that rules are only loaded if they are owned by the effective user executing the tool. When executed with elevated privileges (`EUID=0`), the application refuses to load any files that are not owned by root or that are writable by non-root users. When executed as a non-root user, it similarly refuses to load rules owned by other users. This prevents both vertical and horizontal privilege escalation via execution of untrusted code. If upgrading is not possible, users should avoid executing the application with `sudo` or as the root user. As a temporary mitigation, ensure that directories containing custom rules and configuration files are owned by root and are not writable by non-root users. Administrators may also audit existing custom rules before running the tool with elevated privileges.

CWE类型:
CWE-284 CWE-269 CWE-829
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
AsfhtgkDavid theshit < 0.1.1 - - cpe:2.3:a:asfhtgkdavid:theshit:<_0.1.1:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-95qg-89c2-w5hj x_refsource_CONFIRM
cve.org
访问
https://github.com/AsfhtgkDavid/theshit/commit/8e0b565e7876a83b0e1cfbacb8af39dadfdcc500 x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (cna)
MEDIUM
6.7
CVSS向量: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2025-12-30 19:15:17
修改时间:
2025-12-30 19:28:19
创建时间:
2026-01-12 02:12:33
更新时间:
2026-01-20 03:10:44
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-69257 2025-12-31 03:16:23 2026-01-12 02:12:33
NVD nvd_CVE-2025-69257 2026-01-01 04:27:49 2026-01-12 02:28:15
CNNVD cnnvd_CNNVD-202512-5080 2026-01-11 06:15:03 2026-01-12 02:38:08
版本与语言
当前版本: v3
主要语言: EN
支持语言:
ZH EN
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2026-01-12 02:38:08
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202512-5080; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-202512-5080
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-12 02:28:15
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']