What is CVE-2012-10022?

CVE-2012-10022 is a vulnerability in Lxcenter Kloxo, classified under Improper Privilege Management. Published 2025-08-01.

Is CVE-2012-10022 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Lxcenter Kloxo

CVE-2012-10022

Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if th…

Vulnerability class: Privilege Escalation

EPSS: 0.030 (86.9th percentile) — read the EPSS interpretation.

Affected products

Lxcenter Kloxo — versions 0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/25406 (exploit)
web.archive.org/web/20121122063935/http://roothackers.net/showthread.php (technical-description, exploit)
kloxo.org/ (product)
github.com/KloxoNGCommunity/kloxo (product)
www.vulncheck.com/advisories/kloxo-local-priv-esc (third-party-advisory)

Frequently asked questions

What is CVE-2012-10022?: CVE-2012-10022 is a vulnerability in Lxcenter Kloxo, classified under Improper Privilege Management. Published 2025-08-01.
Is CVE-2012-10022 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.