What is CVE-2012-10033?

CVE-2012-10033 is a vulnerability in Ångström Distribution Project Narcissus, classified under OS Command Injection. Published 2025-08-05.

Is CVE-2012-10033 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ångström Distribution Project Narcissus

CVE-2012-10033

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() funct…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

Ångström Distribution Project Narcissus

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/22709 (exploit)
www.exploit-db.com/exploits/22856 (exploit)
web.archive.org/web/20101127002623/https://narcissus.angstrom-distribution.org/ (product)
www.vulncheck.com/advisories/narcissus-image-config-command-injection (third-party-advisory)

Frequently asked questions

What is CVE-2012-10033?: CVE-2012-10033 is a vulnerability in Ångström Distribution Project Narcissus, classified under OS Command Injection. Published 2025-08-05.
Is CVE-2012-10033 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.