CVE-2025-40672

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-40672
A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).
CVSS

No CVSS.

References
Link Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group
Configurations

No configuration.

History

27 May 2025, 09:15

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad de escalada de privilegios en ProactivaNet v3.24.0.0 de Grupo Espiral MS. Esta vulnerabilidad permite a cualquier usuario anular el archivo panLoad.exe, que será ejecutado por el usuario SYSTEM mediante una tarea programada. Esto permitiría a un atacante obtener permisos de administrador para realizar cualquier actividad que desee, como acceder a información confidencial, ejecutar código remotamente e incluso provocar una denegación de servicio (DoS).
Summary (en) A Privilege Escalation vulnerability has been found in ProactivaNet v3.24.0.0 from Grupo Espiral MS. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). (en) A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).

26 May 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-26 10:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-40672

Mitre link : CVE-2025-40672

CVE.ORG link : CVE-2025-40672

JSON object : View

Products Affected

No product.

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource