CVE•Published 2025-12-11•2 articles on news•6 live references•NVD data
CVE-2025-36934
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
7.4
HIGH
EPSS percentile
1
Exploit Prediction Scoring System · top 99% of all CVEs
Description
In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Timeline
Published 2025-12-11
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2025-36934Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · OS
os:"Android"Hosts Shodan identified as running Android.
More intel sources (5)
Shodan report
vuln:CVE-2025-36934Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-36934Censys host search filtered to this CVE id.
grep.app
CVE-2025-36934Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-36934GitHub code search for direct mentions.
Google dork
"CVE-2025-36934" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2025-369348 repos
Mr-xn/Penetration_Testing_POCHTML
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
xairy/linux-kernel-exploitationunknown
A collection of links related to Linux kernel security and exploitation
k8gege/LadonC#
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\S…
0xsyr0/OSCPPowerShell
OSCP Cheat Sheet
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
8kSec/awesome-mobile-securityunknown
The most comprehensive Android & iOS security reference — tools, research papers, exploit techniques, platform internals, CTFs, and more. Built for security engineers.
splunk-soar-connectors/microsoftdefenderforendpointPython
JdExploit/RED-TEAM-TOOL-KITunknown