HTB Silentium Complete Writeup -CVE-2025-58434, CVE-2025-59528 & Gogs RCE

A comprehensive penetration testing guide exploiting Flowise unauthenticated account takeover, JavaScript code injection RCE, and a Gogs symlink bypass to achieve full root privilege escalation.

April 14, 2026 • views • 11 min read • 1,407 words

Havoc

hackthebox 23 htb 27 linux 8 cve-2025-58434 cve-2025-59528 cve-2025-64111 flowise gogs account-takeover password-reset-disclosure javascript-injection rce 5 nodejs custommcp mcp ai-platform symlink-bypass git-hook docker-escape 2 environment-variable-leakage privilege-escalation 14 ssh-tunneling nmap 6 vhost-enumeration season10 6 medium-difficulty 5

🔒 Content Locked

This writeup is password-protected to comply with HTB rules.

📧 Need access? Enter the password.

HTB Silentium Complete Writeup -CVE-2025-58434, CVE-2025-59528 & Gogs RCE

🔒 Content Locked

☕ Support My Work

Comments

🔒 Content Locked

☕ Support My Work

Related Articles

HTB Silentium Complete Writeup -CVE-2025-58434, CVE-2025-59528 & Gogs RCE

HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation

HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape

Comments