CVE-2025-25011

EPSS 0.02%
Veröffentlicht 30.07.2025 00:15:43
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@elastic.co
CVE-Watchlists
Login
Unerledigt
Login

Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerElastic

≫

Produkt Beats

Default Statusunaffected

Version 8.0.0

Version < 9.1.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@elastic.co	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558

https://nvd.nist.gov/vuln/detail/CVE-2025-25011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-25011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-25011

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-25011