HTB Writeup – DevArea
Posted on 2026-03-30
Java CXF SOAP XXE (CVE-2022-46364) to Hoverfly auth RCE (CVE-2025-54123)
Fonttools to file write, FontForge to RCE, setuptools to path traversal
Mirth CVE-2023-43208 RCE to root via Python f-string injection
Transform XSLT to HTML with extensions → special XML “SSTI”