CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/MCSManager/MCSManager/pull/1596
https://github.com/bddjr/bddjr/discussions/9

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El proceso demon de MCSManager 10.5.3 se ejecuta como una cuenta root por defecto, y sus datos confidenciales (incluidos los tokens y el contenido del terminal) se almacenan en el directorio de datos, accesible para todos los usuarios. Otros usuarios del sistema pueden leer la clave del demon y usarla para iniciar sesión, lo que conlleva una escalada de privilegios.

22 Aug 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CWE		CWE-266

22 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-22 14:15

Updated : 2026-06-17 09:35

NVD link : CVE-2025-50691

Mitre link : CVE-2025-50691

CVE.ORG link : CVE-2025-50691

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

5.3 /10