CVE-2025-0542 HIGH

CVE-2025-0542: G DATA Management Server Local privilege escalation

Vendor: G Data Cyberdefense Ag
Product: G DATA Management Server
Weakness: CWE-276
Published: January 25, 2025
Last update: February 12, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Local privilege escalation due to incorrect assignment of privileges to temporary files in the update mechanism of G DATA Management Server. A local, unprivileged attacker can escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory; the archive is unpacked in the context of SYSTEM, resulting in an arbitrary file write.

Key dates

02 Disclosure timeline

January 25, 2025: CVE published
February 12, 2025: Record updated