Vulnerability Database

319,703

Total vulnerabilities in the database

CVE-2025-50505

Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API /start_clash, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.

Published: Oct 7, 2025
Updated: Jan 22, 2026
CVE: CVE-2025-50505
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-250

Affected Software
References

No affected software listed.

https://github.com/bron1e/CVE-2025-50505
https://github.com/cisagov/vulnrichment/issues/206
https://github.com/clash-verge-rev/clash-verge-rev
https://github.com/clash-verge-rev/clash-verge-service
https://www.clashverge.dev/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo