Core Certified Exploits

Library of expert validated exploits for safe and effective pen tests


Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested, and must then go through the time-consuming effort of quality assurance testing to ensure they are secure and effective.

Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Written by our own internal team, these exploits have been thoroughly tested and validated by our experts, so you can trust them.

The universe of vulnerabilities is huge, and not all of them represent the same risk to customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:

  • What are the most critical attacks from the attacker’s perspective?
  • What new vulnerabilities are more likely to be exploited in real attacks?
  • What exploits are the most valuable for Core Impact?

Once an exploit is approved, its priority order considers the following variables: 

  • Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
  • Target Environment Setup: OS, application prevalence, version and special configurations needed.
  • Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
  • Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation. 

Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges. 

Correspondingly, a vulnerability in an application that is rarely installed, needs special configurations, and requires user interaction would be at the bottom.

Browse the Core Certified Exploit Library

We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications. 

Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.

| Title | Description | Date Added | CVE Link | Exploit Platform | Exploit Type | Product Name |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Exploit (CVE-2025-55680) | The Cloud Files Mini Filter Driver (cldflt.sys) present in Microsoft Windows is vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition, which can result in arbitrary file write. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges. | | | Windows | Exploits / Local | Impact |
| Cisco Secure ASA files_action.lua Buffer Overflow DoS | Cisco Secure ASA contains an improper validation of user-supplied input in HTTP(S) requests that allows an unauthenticated remote attacker to access restricted URL endpoints that are related to remote access VPN. Combined with a buffer overflow in the files_action.lua Lua script, these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code as root or cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. | | | | Denial of Service / Remote | Impact |
| Microsoft Windows Agere Modem Driver Elevation of Privilege Vulnerability Exploit | An elevation of privilege vulnerability exists due to the Agere Windows Modem kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges. | | | Windows | Exploits / Local | Impact |
| Magento Open Source and Adobe Commerce SessionReaper Remote Code Execution Exploit | An improper input validation vulnerability in Magento Open Source and Adobe Commerce allows unauthenticated remote attackers with network access via HTTP to achieve session takeover and unauthenticated remote code execution under certain conditions. | | | Linux | Exploits / Remote Code Execution | Impact |
| Microsoft Windows Common Log File System Driver Elevation of Privilege Vulnerability Exploit (CVE-2025-29824) | The Common Log File System Driver (clfs.sys) present in Microsoft Windows is vulnerable to a memory corruption vulnerability. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges. | | | Windows | Exploits / Local | Impact |
| Oracle E-Business Suite getUiType Server-Side Request Forgery Remote Code Execution Vulnerability Exploit | Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. | | | Linux | Exploits / Remote Code Execution | Impact |
| Dell Unity getCASURL Remote OS Command Injection Exploit | Dell Unity contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. | | | Linux | Exploits / OS Command Injection / Known Vulnerabilities | Impact |
| Microsoft SharePoint Server DataSetSurrogateSelector Deserialization Remote OS Command Injection Exploit | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | | | Windows | Exploits / OS Command Injection / Known Vulnerabilities | Impact |
| Microsoft Windows Kernel Elevation of Privilege Vulnerability Exploit | An elevation of privilege vulnerability exists due to the Application Identity kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges. | | | Windows | Exploits / Local | Impact |
| CrushFTP AS2 Authentication Bypass Vulnerability Exploit | CrushFTP, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. | | | Linux, Windows | Exploits / Remote | Impact |
| Microsoft Windows TCP IP IPv6 remote DoS (CVE-2024-38063) | A memory corruption vulnerability in the Windows IPv6 stack allows remote Denial of Service via maliciously crafted IPv6 Fragment Header packets, leading to kernel-level compromise. Exploitation requires no authentication or user interaction; attackers need only send specially designed packets to vulnerable hosts. Impacts all Windows versions with IPv6 enabled (default since Windows 10). | | | Windows | Denial of Service / Remote | Impact |
| Progress OpenEdge saveSvcConfig Remote OS Command Injection Exploit | CVE-2025-7388 is an OS command injection vulnerability in Progress OpenEdge that allows authenticated remote attackers to execute system commands in the context of NT AUTHORITY/SYSTEM. This module can also use CVE-2024-1403, an authentication bypass vulnerability that allows access to the adminServer classes, so it can be chained with the CVE-2025-7388 OS command injection. | | | Windows | Exploits / OS Command Injection / Known Vulnerabilities | Impact |
| Microsoft Windows File Explorer Spoofing Vulnerability Exploit | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. A user would need to be tricked into opening a folder that contains a specially crafted file. | | | Windows | Exploits / Client Side | Impact |
| Microsoft Windows Local Session Manager Denial of Service Vulnerability Exploit | A denial of service vulnerability exists in the Local Session Manager (LSM) service when an authenticated attacker connects to the target system and sends specially crafted requests. | | | Windows | Denial of Service / Remote | Impact |
| Microsoft Windows Disk Cleanup Tool Privilege Escalation Exploit | The Windows Disk Cleanup tool (cleanmgr.exe) has a DLL side-loading vulnerability. A crafted DLL could be loaded by the Disk Cleanup tool, hijacking its execution path. This could allow an attacker to gain system privileges on a vulnerable system. | | | Windows | Exploits / Local | Impact |
| Wing FTP Server Remote Command Execution Exploit | Wing FTP Server version 7.4.3 and prior is prone to remote code execution due to improper handling of null bytes in both the user and admin web interfaces. This flaw allows attackers to inject arbitrary Lua commands into session files, which are executed by the server with the privileges of the FTP service. | | | Windows, Linux | Exploits / Remote | Impact |
| Sudo Chroot Privilege escalation Exploit (CVE-2025-32463) | This module exploits a privilege escalation vulnerability in the way sudo handles the chroot parameter. | | | Linux | Exploits / Local | Impact |
| Fortinet FortiWeb get_fabric_user_by_token SQL Injection Vulnerability Exploit | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. | | | Linux | Exploits / Remote Code Execution | Impact |
| Microsoft Internet Shortcut Remote File Execution Vulnerability Exploit | The vulnerability relates to the use of Windows .URL files to execute a remote binary via a UNC path. When the targeted user opens or previews the .URL file (for example, from an email), the system attempts to access the specified path (for example, a WebDAV or SMB share), resulting in the execution of arbitrary code. Depending on the email client used, the vulnerability could be exploited as zero-click by simply displaying the attachment in the preview window or by clicking on it, or it could be blocked based on the target system's policies. | | | Windows | Exploits / Client Side | Impact |
| Microsoft Management Console MSC Exploit (CVE-2025-26633) Update | A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in an .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer. This update removes the one-link tag. | | | Windows | Exploits / Client Side | Impact |
| Citrix NetScaler ADC and Gateway Memory Overread Vulnerability CitrixBleed2 Exploit | An insufficient input validation leading to memory overread in Citrix NetScaler ADC and Citrix NetScaler Gateway when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server may allow unauthenticated remote attackers to exfiltrate cookies, session IDs, or passwords from the target application. | | | FreeBSD | Exploits / Remote | Impact |
| Microsoft Management Console MSC Exploit (CVE-2025-26633) | A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in an .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer. | | | Windows | Exploits / Client Side | Impact |
| Roundcube Webmail unserialize PHP Object Deserialization Vulnerability Exploit | An authenticated PHP object deserialization vulnerability in Roundcube Webmail allows authenticated remote attackers to execute OS system commands. | | | Linux | Exploits / Remote Code Execution | Impact |
| Vite Arbitrary File Read Exploit (CVE-2025-31125) | Vite exposes content of non-allowed files using inline&import or raw import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. | | | Linux | Exploits / Remote File Disclosure | Impact |
| Microsoft Windows library-ms NTLMv2 Information Disclosure Exploit | External control of file name or path in Windows NTLMv2 allows an unauthorized attacker to perform spoofing over a network. | | | Windows | Exploits / Client Side | Impact |