This repository contains an exploit PoC for CVE-2025-12744, a local privilege escalation vulnerability in default installations of Fedora Linux (versions 43 and below, both Desktop and Server).
The flaw stems from a command injection in the ABRT daemon, allowing any local user to gain root privileges.
For a deep dive into the discovery and exploitation process, read the full writeup: Privilege Escalation in Fedora Linux: Exploiting ABRT for root.
The exploit is straight-forward. You run it as a low-privilege user, and it will add your account to /etc/sudoers. When complete, you should be able to run sudo with no password.
python3 abrt_root.pyYou need to run the script from within a directory that you can write to (as it stages another payload there). That directory cannot have some special characters in it (like -). To keep things simple, running it from your home directory (like /home/lowpriv) should work fine.