CVE-2012-10022: Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsue...

Description

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.

Metrics

CVSS 4.0

8.5/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.44%

34.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-269

References

Timeline

Published: Aug 1, 2025
Last Modified: Jun 16, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2012-10022?

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.

How severe is CVE-2012-10022?

CVE-2012-10022 has a CVSS score of 8.5/10 (HIGH severity). The EPSS model estimates a 0.44% probability of exploitation in the next 30 days.

How do I fix CVE-2012-10022?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.