VYPR
High severity · NVD Advisory · Published Aug 1, 2025 · Updated Apr 15, 2026

CVE-2012-10022

Description

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
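A host-side check for the condition described above, as an added example that is not from the advisory or the Kloxo project: it searches a directory tree for setuid files named lxsuexec or lxrestart and reports which account holds uid 48. The function names, the search root argument and the owner override are assumptions made for this example; the page does not give install paths.

```shell
#!/bin/sh
# Added example (not Kloxo code): audit for the setuid helpers named in the advisory.

# find_kloxo_setuid_helpers ROOT [OWNER]
#   ROOT  - directory tree to scan (assumption: caller supplies it, the page lists no path)
#   OWNER - file owner to match, default root; overridable so the check can be
#           exercised on constructed files without root privileges
find_kloxo_setuid_helpers() {
    root=${1:?search root required}
    owner=${2:-root}
    # -perm -4000 matches files with the setuid bit set; -xdev stays on one filesystem.
    # stderr is discarded, so unreadable directories are skipped silently.
    find "$root" -xdev -type f -perm -4000 -user "$owner" \
        \( -name lxsuexec -o -name lxrestart \) -print 2>/dev/null
}

# Exit status 0 if at least one named helper is still setuid, 1 otherwise.
kloxo_helpers_exposed() {
    [ -n "$(find_kloxo_setuid_helpers "$@")" ]
}

# Print the account name(s) mapped to uid 48, the uid the advisory says is trusted.
# Argument: passwd-format file, default /etc/passwd.
uid48_account() {
    awk -F: '$3 == 48 { print $1 }' "${1:-/etc/passwd}"
}
```

On a live host, `find_kloxo_setuid_helpers /` run as root lists any matching binaries, and `uid48_account` shows which service account would be able to invoke them.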

Affected products

  • Lxcenter/Kloxo (2 versions)
    • (no CPE)
    • (no CPE), range: <=6.1.12
