HackTheBox: VariaType
Medium Linux box built around a font-generation platform. Chain: vhost fuzzing → exposed .git credentials → path traversal filter bypass → CVE-2025-66034 (fonttools arbitrary file write) → CVE-2024-25082 (fontforge tar command injection via pspy-caught cron) → CVE-2025-47273 (setuptools path traversal to root SSH key).