Path Traversal in Zenoss, Inc. Zenoss Core

CVE-2012-10048

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing authenticated users to execute a…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.720 (98.8th percentile)

Frequently asked questions

What is CVE-2012-10048?
CVE-2012-10048 is a vulnerability in Zenoss, Inc. Zenoss Core, classified under Path Traversal. Published 2025-08-08.

Is CVE-2012-10048 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.