Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

CVE-2025-2782 (GCVE-0-2025-2782)

Vulnerability from cvelistv5 – Published: 2025-03-28 22:24 – Updated: 2025-03-31 13:24
VLAI
Title
WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
Summary
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
WatchGuard Terminal Services Agent Affected: 12.0 , ≤ 12.10 (semver)
Create a notification for this product.
Date Public
2025-03-27 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T13:23:57.984188Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T13:24:07.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Terminal Services Agent",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThanOrEqual": "12.10",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-03-27T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eThe WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Terminal Services Agent: from 12.0 through 12.10.\u003c/p\u003e"
            }
          ],
          "value": "The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Terminal Services Agent: from 12.0 through 12.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T22:24:47.152Z",
        "orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
        "shortName": "WatchGuard"
      },
      "references": [
        {
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005"
        }
      ],
      "source": {
        "advisory": "WGSA-2025-00005",
        "defect": [
          "FBX-27511"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
    "assignerShortName": "WatchGuard",
    "cveId": "CVE-2025-2782",
    "datePublished": "2025-03-28T22:24:47.152Z",
    "dateReserved": "2025-03-25T00:16:35.756Z",
    "dateUpdated": "2025-03-31T13:24:07.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2781 (GCVE-0-2025-2781)

Vulnerability from cvelistv5 – Published: 2025-03-28 22:23 – Updated: 2025-03-31 14:23
VLAI
Title
WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
Summary
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
WatchGuard Mobile VPN with SSL Client Affected: 11.0 , ≤ 12.11 (semver)
Create a notification for this product.
Date Public
2025-03-27 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T14:23:31.758287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T14:23:48.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Mobile VPN with SSL Client",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThanOrEqual": "12.11",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-03-27T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eThe WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.\u003c/p\u003e"
            }
          ],
          "value": "The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Mobile VPN with SSL Client: from 11.0 through 12.11."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T22:23:50.752Z",
        "orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
        "shortName": "WatchGuard"
      },
      "references": [
        {
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004"
        }
      ],
      "source": {
        "advisory": "WGSA-2025-00004",
        "defect": [
          "FBX-27510"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
    "assignerShortName": "WatchGuard",
    "cveId": "CVE-2025-2781",
    "datePublished": "2025-03-28T22:23:50.752Z",
    "dateReserved": "2025-03-25T00:12:21.740Z",
    "dateUpdated": "2025-03-31T14:23:48.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2502 (GCVE-0-2025-2502)

Vulnerability from cvelistv5 – Published: 2025-05-30 19:14 – Updated: 2026-02-26 18:27
VLAI
Summary
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Lenovo PC Manager Affected: 0 , < 5.1.110.5082 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T03:55:14.585037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:27:49.570Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PC Manager",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.1.110.5082",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.1.110.5082",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.\u003c/span\u003e"
            }
          ],
          "value": "An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T19:14:24.858Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://iknow.lenovo.com.cn/detail/428586"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update PC Manager to version 5.1.110.5082 or later.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update PC Manager to version 5.1.110.5082 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2025-2502",
    "datePublished": "2025-05-30T19:14:24.858Z",
    "dateReserved": "2025-03-18T14:58:49.193Z",
    "dateUpdated": "2026-02-26T18:27:49.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1789 (GCVE-0-2025-1789)

Vulnerability from cvelistv5 – Published: 2026-02-24 18:47 – Updated: 2026-02-26 14:44
VLAI
Summary
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Genetec Inc. Genetec Update Service Affected: <2.10.600 (semver)
Unaffected: >=2.10.600 (semver)
Create a notification for this product.
Credits
Rutger Flohil
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T04:56:04.010019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:07.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Update Service",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c2.10.600",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=2.10.600",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rutger Flohil"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T18:47:24.913Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2025-1789",
    "datePublished": "2026-02-24T18:47:24.913Z",
    "dateReserved": "2025-02-28T17:07:08.574Z",
    "dateUpdated": "2026-02-26T14:44:07.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1699 (GCVE-0-2025-1699)

Vulnerability from cvelistv5 – Published: 2025-06-11 16:14 – Updated: 2025-06-11 17:32
VLAI
Summary
An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Motorola g34 Affected: 0 , < 2025-06-01 (SPL)
Create a notification for this product.
Motorola g34t Affected: 0 , < 2025-06-01 (SPL)
Create a notification for this product.
Motorola g45 5G Affected: 0 , < 2025-06-01 (SPL)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T17:32:22.596452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T17:32:38.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "g34",
          "vendor": "Motorola",
          "versions": [
            {
              "lessThan": "2025-06-01",
              "status": "affected",
              "version": "0",
              "versionType": "SPL"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "g34t",
          "vendor": "Motorola",
          "versions": [
            {
              "lessThan": "2025-06-01",
              "status": "affected",
              "version": "0",
              "versionType": "SPL"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "g45 5G",
          "vendor": "Motorola",
          "versions": [
            {
              "lessThan": "2025-06-01",
              "status": "affected",
              "version": "0",
              "versionType": "SPL"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:motorola:g34:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2025-06-01",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:motorola:g34t:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2025-06-01",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:motorola:g45_5g:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2025-06-01",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T16:14:49.135Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186729"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate your Motorola phone to the latest software version. Software versions with a Security Patch Level of 202\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e5\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e06\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-01 or later include a fix for this \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2025-06-01 or later include a fix for this vulnerability."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2025-1699",
    "datePublished": "2025-06-11T16:14:49.135Z",
    "dateReserved": "2025-02-25T18:33:54.666Z",
    "dateUpdated": "2025-06-11T17:32:38.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0886 (GCVE-0-2025-0886)

Vulnerability from cvelistv5 – Published: 2025-07-17 19:16 – Updated: 2025-07-17 20:09
VLAI
Summary
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Lenovo Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW) Affected: 0 , < 1000.100.108.548 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG) Affected: 0 , < 1000.100.108.858 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6) Affected: 0 , < 1000.100.108.1893 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF) Affected: 0 , < 1000.100.108.6136 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB) Affected: 0 , < 1000.100.108.774 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL) Affected: 0 , < 1000.100.108.858 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA) Affected: 0 , < 1000.100.106.2391 (custom)
Create a notification for this product.
Lenovo lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD) Affected: 0 , < 1000.100.108.900 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF) Affected: 0 , < 1000.100.108.2235 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ) Affected: 0 , < 3.2.61209.5 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG)) Affected: 0 , < 3.2.61209.5 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE) Affected: 0 , < 1000.100.108.858 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4) Affected: 0 , < 1000.100.108.1893 (custom)
Create a notification for this product.
Lenovo lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD) Affected: 0 , < 1000.100.108.6136 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7) Affected: 0 , < 1000.100.108.858 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9) Affected: 0 , < 1000.100.108.1893 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2) Affected: 0 , < 1000.100.109.82 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ) Affected: 0 , < 1000.100.108.858 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8) Affected: 0 , < 1000.100.106.2391 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY) Affected: 0 , < 1000.100.108.761 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4) Affected: 0 , < 1000.100.108.2234 (custom)
Create a notification for this product.
Lenovo Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV) Affected: 0 , < 1000.100.108.801 (custom)
Create a notification for this product.
Lenovo Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3) Affected: 0 , < 1000.100.108.761 (custom)
Create a notification for this product.
Credits
Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:08:57.428883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:09:10.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.548",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.858",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.1893",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.6136",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.774",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.858",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.106.2391",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.900",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.2235",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.2.61209.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG))",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.2.61209.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.858",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.1893",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.6136",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.858",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.1893",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.109.82",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.858",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.106.2391",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.761",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.2234",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.801",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3)",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1000.100.108.761",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p16s_gen_2_type_21hk_21hl_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.858",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_for_x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.761",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21ah_21aj_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.2.61209.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21cf_21cg_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.2.61209.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16_gen_2_type_21fa_21fb_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.774",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p14s_gen_4_type_21k5_21k6_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.1893",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14_gen_5_type_21mc_21md_laptops_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.6136",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_4_type_21f8_21f9_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.1893",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_x13_gen_4_type_21j3_21j4_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.2234",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fe_21ff_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.2235",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p1_gen_6_type_21fv_21fw_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.548",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_5_type_21ls_21lt_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.801",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:elliptic_human_presence_detection_device_driver_for_lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.801",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_2_type_21kx_21ky_laptops_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.801",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p1_gen_7_type_21kv_21kw_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.801",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_x1_2_in_1_gen_9_type_21ke_21kf_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.801",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t16_gen_2_type_21k7_21k8_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.106.2391",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fc_21fd_laptop_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.108.900",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_driver_for_t14s_gen_6_type_21m1_21m2_laptops_thinkpad:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1000.100.109.82",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. \u003c/span\u003e"
            }
          ],
          "value": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-17T19:16:16.273Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-182738"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the version (or newer) indicated for your model in the Product Impact section:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-182738\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-182738\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Update to the version (or newer) indicated for your model in the Product Impact section:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-182738"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2025-0886",
    "datePublished": "2025-07-17T19:16:16.273Z",
    "dateReserved": "2025-01-30T16:35:23.042Z",
    "dateUpdated": "2025-07-17T20:09:10.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0797 (GCVE-0-2025-0797)

Vulnerability from cvelistv5 – Published: 2025-01-29 01:00 – Updated: 2025-02-12 19:51
VLAI
Title
MicroWorld eScan Antivirus Quarantine Microworld default permission
Summary
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Credits
FPT IS Security (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0797",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:56:04.872774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:16.070Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Quarantine Handler"
          ],
          "product": "eScan Antivirus",
          "vendor": "MicroWorld",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.32"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "FPT IS Security (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In MicroWorld eScan Antivirus 7.0.32 f\u00fcr Linux wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /var/Microworld/ der Komponente Quarantine Handler. Dank der Manipulation mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T01:00:17.874Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-293920 | MicroWorld eScan Antivirus Quarantine Microworld default permission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.293920"
        },
        {
          "name": "VDB-293920 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.293920"
        },
        {
          "name": "Submit #484329 | MicroWorld Escan Antivirus on Linux 7.0.32 Incorrect Default Permissions",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.484329"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_incorrect_default_perms_leads_to_malware_evasion.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-01-28T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-28T15:47:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "MicroWorld eScan Antivirus Quarantine Microworld default permission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-0797",
    "datePublished": "2025-01-29T01:00:17.874Z",
    "dateReserved": "2025-01-28T14:41:56.114Z",
    "dateUpdated": "2025-02-12T19:51:16.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0543 (GCVE-0-2025-0543)

Vulnerability from cvelistv5 – Published: 2025-01-25 16:17 – Updated: 2025-02-05 18:23
VLAI
Title
G DATA Security Client Local privilege escalation
Summary
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
G DATA CyberDefense AG G DATA Security Client Affected: 0 , < 15.8.333 (semver)
Create a notification for this product.
Credits
Fabian Duschek
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0543",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T13:55:14.972209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T18:23:40.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "G DATA Security Client",
          "vendor": "G DATA CyberDefense AG",
          "versions": [
            {
              "lessThan": "15.8.333",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Fabian Duschek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
            }
          ],
          "value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-25T16:17:46.634Z",
        "orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
        "shortName": "cirosec"
      },
      "references": [
        {
          "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "G DATA Security Client Local privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
    "assignerShortName": "cirosec",
    "cveId": "CVE-2025-0543",
    "datePublished": "2025-01-25T16:17:46.634Z",
    "dateReserved": "2025-01-17T10:12:08.693Z",
    "dateUpdated": "2025-02-05T18:23:40.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0542 (GCVE-0-2025-0542)

Vulnerability from cvelistv5 – Published: 2025-01-25 16:15 – Updated: 2025-02-12 20:01
VLAI
Title
G DATA Management Server Local privilege escalation
Summary
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
G DATA CyberDefense AG G DATA Management Server Affected: 0 , < 15.8.333 (semver)
Create a notification for this product.
Credits
Fabian Duschek
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T14:20:27.912093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:01:14.392Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "G DATA Management Server",
          "vendor": "G DATA CyberDefense AG",
          "versions": [
            {
              "lessThan": "15.8.333",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Fabian Duschek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
            }
          ],
          "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-25T16:15:09.526Z",
        "orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
        "shortName": "cirosec"
      },
      "references": [
        {
          "url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "G DATA Management Server Local privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
    "assignerShortName": "cirosec",
    "cveId": "CVE-2025-0542",
    "datePublished": "2025-01-25T16:15:09.526Z",
    "dateReserved": "2025-01-17T07:53:19.796Z",
    "dateUpdated": "2025-02-12T20:01:14.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0014 (GCVE-0-2025-0014)

Vulnerability from cvelistv5 – Published: 2025-04-02 16:14 – Updated: 2026-02-26 18:28
VLAI
Summary
Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
AMD
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T03:55:30.706022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:59.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Software",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
            }
          ],
          "value": "Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-02T16:14:00.258Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-0014",
    "datePublished": "2025-04-02T16:14:00.258Z",
    "dateReserved": "2024-10-10T20:27:50.166Z",
    "dateUpdated": "2026-02-26T18:28:59.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.