7.8
CVE-2025-57836
- EPSS 0.11%
- Veröffentlicht 05.01.2026 00:00:00
- Zuletzt bearbeitet 30.01.2026 01:26:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.018 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57836/