CVE-2025-50505 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the una…
High CVSS: 7.8

CVE-2025-50505

Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
Vendor
-
Product
-
CWE
CWE-250
Yayın Tarihi
2025-10-07 14:15:37
Güncelleme
2026-01-21 15:16:06
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-250 HIGH 2025

Referanslar

https://github.com/bron1e/CVE-2025-50505 https://github.com/cisagov/vulnrichment/issues/206 https://github.com/clash-verge-rev/clash-verge-rev https://github.com/clash-verge-rev/clash-verge-service https://www.clashverge.dev/