CVE-2025-0543

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 25, 2025
CWE ID 276

Summary

CVE-2025-0543 is a local privilege escalation vulnerability affecting G DATA Security Client. The issue arises due to incorrect directory privilege assignments, enabling a local, unprivileged attacker to escalate privileges. By placing an arbitrary executable in a globally writable directory, an attacker can manipulate the SetupSVC.exe service to execute the malicious code with SYSTEM-level privileges. This weakness poses a significant risk to affected installations and requires immediate attention from system administrators.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share