CVE-2025-5317

EPSS 0.01%
Veröffentlicht 11.11.2025 08:02:22
Zuletzt bearbeitet 08.12.2025 18:10:57
Quelle cve-requests@bitdefender.com
CVE-Watchlists
Login
Unerledigt
Login

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitdefender ≫ Endpoint Security SwPlatformmacos Version < 7.20.52.200087

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cve-requests@bitdefender.com	6.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.bitdefender.com/support/security-advisories/improper-access-restriction-to-critical-folder-in-bitdefender-endpoint-security-tools-for-mac/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5317

EUVD