Security Vulnerability Report
CVE-2025-11906 CVSS 6.7 MEDIUM

Published: 2025-10-30 08:15:32
Last Modified: 2026-04-15 00:35:42

Description

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service initialization.

CVSS Details

CVSS Score: 6.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Progress Flowmon < 12.5.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-11906 PoC - Progress Flowmon Local Privilege Escalation
# Requires: SSH access to flowmon system user account

echo "[*] CVE-2025-11906 Progress Flowmon Privilege Escalation Check"
echo "[*] Target: Flowmon < 12.5.6"

# Check if running as flowmon user
current_user=$(whoami)
echo "[*] Current user: $current_user"
if [ "$current_user" != "flowmon" ]; then
    echo "[!] This PoC requires flowmon user privileges"
    exit 1
fi

# Check for misconfigured files in common Flowmon paths
config_paths=(
    "/opt/flowmon/etc/"
    "/opt/flowmon/conf/"
    "/etc/flowmon/"
    "/var/lib/flowmon/"
)

echo "[*] Checking for misconfigured configuration files..."
for path in "${config_paths[@]}"; do
    if [ -d "$path" ]; then
        echo "[+] Found directory: $path"
        # Check for world-readable/writable files
        find "$path" -type f \( -perm -004 -o -perm -002 \) 2>/dev/null
    fi
done

# Check for writable service initialization scripts
# The glob is left unquoted so the shell expands it; a quoted "flowmon*"
# is treated as a literal file name and never matches.
service_paths=(/etc/init.d/flowmon /etc/systemd/system/flowmon*)
for sp in "${service_paths[@]}"; do
    if [ -f "$sp" ]; then
        perms=$(stat -c "%a" "$sp" 2>/dev/null)
        if [ "$perms" == "777" ] || [ "$perms" == "775" ]; then
            echo "[!] WARNING: $sp has permissive permissions ($perms)"
        fi
    fi
done

echo "[*] Enumeration complete"
echo "[!] If vulnerable, exploitation requires modifying startup scripts"

References

https://community.progress.com/s/article/Progress-Flowmon-CVE-2025-11906

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11906", "sourceIdentifier": "[email protected]", "published": "2025-10-30T08:15:32.003", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service initialization."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "references": [{"url": "https://community.progress.com/s/article/Progress-Flowmon-CVE-2025-11906", "source": "[email protected]"}]}}