CVE-2025-0542

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 25, 2025
CWE ID 22
CWE ID 276

Summary

CVE-2025-0542 is a local privilege escalation vulnerability affecting G DATA Management Server. The issue arises due to an incorrect assignment of privileges in the update mechanism, enabling a local, unprivileged attacker to escalate privileges. By placing a specially crafted ZIP archive in a globally writable directory, an attacker can trick the server into unpacking the archive with SYSTEM privileges, resulting in arbitrary file write access. This vulnerability poses a serious threat to affected installations and demands immediate attention for appropriate mitigation measures.
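A defensive check for the flaw class described above (CWE-22), as an added example that is not G DATA's code and not part of the original entry: it audits a ZIP's member names before a privileged process extracts it and refuses the whole archive if any entry would land outside the destination. It assumes, from the CWE-22 classification, that the crafted archive relies on traversal or absolute entry names; the function names and sample entries are constructed for illustration.

```python
import io
import stat
import zipfile
from pathlib import PureWindowsPath


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every member that must not be extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Parse with Windows rules: both '\' and '/' separate components.
            path = PureWindowsPath(name)
            mode = info.external_attr >> 16  # Unix mode bits, if the writer set them
            if path.drive or path.root:
                findings.append((name, "absolute path"))
            elif ".." in path.parts:
                findings.append((name, "parent-directory traversal"))
            elif stat.S_ISLNK(mode):
                findings.append((name, "symbolic link entry"))
    return findings


def safe_extract(data: bytes, dest: str) -> list[str]:
    """Extract only when every entry is clean; otherwise reject the archive."""
    findings = audit_zip(data)
    if findings:
        raise ValueError(f"archive rejected: {findings}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample(names: list[str]) -> bytes:
    """Constructed sample archive, built in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample(["update/defs.bin", "update/readme.txt"])
    crafted = build_sample(["update/defs.bin", "../../outside.txt", "C:\\abs.txt"])
    print("clean:  ", audit_zip(clean))
    print("crafted:", audit_zip(crafted))
```

Name validation covers only the CWE-22 half of the entry; the CWE-276 half is closed by restricting write access on the directory the privileged service reads archives from.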
