Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape

Published: 11 Aug 2025 00:00:00
Reported by: nu11secur1ty
Type: exploitdb
Source: www.exploit-db.com

PoC simulation of a sandbox escape and privilege escalation via Mojo IPC from a malicious Edge renderer process on Windows 11

# Titles: Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
# Author: nu11secur1ty
# Date: 08/07/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730
# CVE-2025-2783

## Description

This project contains a **proof-of-concept (PoC)** simulation for
**CVE-2025-2783**, a sandbox escape and privilege escalation vulnerability
affecting the Microsoft Mojo IPC subsystem on Windows 11 Pro.
The simulation demonstrates how a malicious renderer process could exploit
a crafted IPC message to escape sandbox restrictions and escalate
privileges, potentially leading to full system compromise.

---

## Disclaimer

**This code is provided for educational and responsible disclosure purposes
only.**
Do NOT use it for unauthorized testing or attacks on systems you do not own
or have explicit permission to test.

The author(s) created this simulation in a controlled environment (virtual
machine) to safely demonstrate the vulnerability before reporting it to
Microsoft Security Response Center (MSRC).

---

## Components

- `kur.py`: The main PoC Python script.
  It can run as either:
  - A phishing server hosting a malicious payload file
  - An exploit client that downloads the payload, simulates IPC
communication, and triggers the sandbox escape.

- `malicious_input.mojopipe`: The generated malicious payload JSON file
(created at runtime).

- `incident.log`: Log file recording actions and simulated system
information captured during exploitation.

---

## Usage

### Prerequisites

- Python 3.7 or later on Windows 11 Pro (preferably in a VM for safety).
- Administrator privileges recommended for full information output.

### Steps

1. **Start the phishing server** (in one terminal):
    ```bash
    python kur.py
    ```
    Enter choice: `1`
    This hosts the malicious payload file on `http://<your_ip>:8080/`.

2. **Run the exploit client** (in another terminal on the same machine):
    ```bash
    python kur.py
    ```
    Enter choice: `2`
    This downloads the payload, simulates the IPC communication, and
attempts sandbox escape.

3. **Observe logs** in `incident.log` and console output for evidence of
the simulated exploit.

---

## Technical Details

- The PoC simulates Mojo IPC message passing using Python's
`multiprocessing.connection` module.
- The exploit payload contains a special handle value that triggers the
sandbox escape simulation.
- When triggered, the PoC logs user and system info to demonstrate
privilege escalation.
- The phishing server serves the malicious payload to mimic a real-world
attack vector.
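
From the defender's side, the condition the simulation stands for is a privileged receiver acting on a handle value chosen by an untrusted peer. The sketch below is an added example, not part of `kur.py` and not Mojo's own code: it uses the same `multiprocessing` connection primitives to show a receiver that honours only handles it issued itself and reads raw bytes instead of calling `recv()`, which unpickles peer data. The names `Broker`, `issue`, `handle_message` and the `{"handle": ...}` message layout are assumptions made for illustration.

```python
import json
import secrets
from multiprocessing import Pipe

MAX_MSG = 4096  # assumed upper bound for one IPC message, in bytes


class Broker:
    """Privileged endpoint: honours only handles it issued itself."""

    def __init__(self):
        self._issued = {}  # handle (int) -> resource name

    def issue(self, resource):
        handle = secrets.randbits(32)  # random, never chosen by the peer
        self._issued[handle] = resource
        return handle

    def handle_message(self, raw):
        try:
            msg = json.loads(raw)
        except (ValueError, RecursionError):  # bad JSON, bad UTF-8, deep nesting
            return {"ok": False, "reason": "malformed"}
        handle = msg.get("handle") if isinstance(msg, dict) else None
        if type(handle) is not int:  # rejects str, float, bool and None
            return {"ok": False, "reason": "bad-handle-type"}
        resource = self._issued.get(handle)
        if resource is None:
            return {"ok": False, "reason": "unknown-handle"}
        return {"ok": True, "resource": resource}


def serve_once(conn, broker):
    # recv_bytes() returns raw bytes; recv() would unpickle peer-supplied data.
    reply = broker.handle_message(conn.recv_bytes(MAX_MSG))
    conn.send_bytes(json.dumps(reply).encode())
    return reply


def demo():
    broker = Broker()
    good = broker.issue("clipboard")
    renderer, privileged = Pipe()  # in-process stand-in for the IPC channel
    outcomes = []
    # Constructed messages: one issued handle, then two forged values.
    for payload in ({"handle": good}, {"handle": -1}, {"handle": "0xdead"}):
        renderer.send_bytes(json.dumps(payload).encode())
        outcomes.append(serve_once(privileged, broker)["ok"])
        renderer.recv_bytes()  # drain the reply on the untrusted side
    return outcomes


if __name__ == "__main__":
    print(demo())
```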

---

## Responsible Disclosure

This simulation was developed to responsibly disclose the vulnerability to
Microsoft Security Response Center (MSRC). Please coordinate with MSRC
before any public release or use.

# Video-demo:
[href](https://www.youtube.com/watch?v=MvwtRybi6ac)





# Time spent:
03:35:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Vulners AI Score: 7.4 (High risk) | CVSS 3.1: 8.3 | EPSS: 0.08404