fkie_cve-2025-0712
Vulnerability from fkie_nvd
Published
2025-07-30 01:15
Modified
2025-07-31 18:42
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.
References
bressers@elastic.cohttps://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en un elemento de ruta de b\u00fasqueda no controlada puede provocar una escalada de privilegios locales (LPE) mediante permisos de directorio inseguros. Esta vulnerabilidad surge de la gesti\u00f3n incorrecta de los permisos de directorio. Un atacante con acceso local podr\u00eda explotar esta vulnerabilidad para mover y eliminar archivos arbitrarios, obteniendo as\u00ed privilegios de SYSTEM."
    }
  ],
  "id": "CVE-2025-0712",
  "lastModified": "2025-07-31T18:42:37.870",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "bressers@elastic.co",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-30T01:15:24.513",
  "references": [
    {
      "source": "bressers@elastic.co",
      "url": "https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558"
    }
  ],
  "sourceIdentifier": "bressers@elastic.co",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "bressers@elastic.co",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.