Filtered by vendor Clash-verge
Subscriptions
Filtered by product Clash-verge
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50505 | 1 Clash-verge | 1 Clash-verge | 2025-10-09 | 7.8 High |
| Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation. | ||||
Page 1 of 1.