7.8

CVE-2025-13703

EPSS 0.02%
Veröffentlicht 23.12.2025 21:30:26
Zuletzt bearbeitet 29.12.2025 15:58:56
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerVIPRE

≫

Produkt Advanced Security

Default Statusunknown

Version 12.0.2.220

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.zerodayinitiative.com/advisories/ZDI-25-1023/

https://success.vipre.com/home-windows-release-notes/home-windows-release-notes-20250925

https://nvd.nist.gov/vuln/detail/CVE-2025-13703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13703

EUVD