CVE-2025-0542

Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Escalada de privilegios locales debido a la asignación incorrecta de privilegios de archivos temporales en el mecanismo de actualización de G DATA Management Server. Esta vulnerabilidad permite a un atacante local sin privilegios escalar privilegios en las instalaciones afectadas colocando un archivo ZIP manipulado en un directorio con permisos de escritura globales, que se descomprime en el contexto de SYSTEM y da como resultado la escritura arbitraria de archivos.

25 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-25 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-0542

Mitre link : CVE-2025-0542

CVE.ORG link : CVE-2025-0542

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-0542", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-25T17:15:21.030", "references": [{"url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542", "source": "a341c0d1-ebf7-493f-a84e-38cf86618674"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "a341c0d1-ebf7-493f-a84e-38cf86618674", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."}, {"lang": "es", "value": "Escalada de privilegios locales debido a la asignaci\u00f3n incorrecta de privilegios de archivos temporales en el mecanismo de actualizaci\u00f3n de G DATA Management Server. Esta vulnerabilidad permite a un atacante local sin privilegios escalar privilegios en las instalaciones afectadas colocando un archivo ZIP manipulado en un directorio con permisos de escritura globales, que se descomprime en el contexto de SYSTEM y da como resultado la escritura arbitraria de archivos."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "a341c0d1-ebf7-493f-a84e-38cf86618674"}