CVE-2025-40672 HIGH

CVE-2025-40672: Privilege Escalation in Panloader.exe

Vendor Grupo Espiral Ms
Product Panloader.exe
Weakness CWE-732
Published May 26, 2025
Last update June 6, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A privilege escalation vulnerability has been found in the Panloader component v3.24.0.0 by Espiral MS Group. It allows any user to overwrite the file panLoad.exe, which is executed by the SYSTEM user via a scheduled task. This would allow an attacker to obtain administrator permissions and perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).
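The condition described above (CWE-732: a binary run by SYSTEM from a scheduled task while ordinary users can write to it) can be audited host-wide. The following PowerShell is an added example, not code from the vendor or from this advisory. Because the record does not give the install path of panLoad.exe, it checks every SYSTEM task rather than one file, and the list of "broad" SIDs is an assumption to adjust for local policy.

```powershell
# Added example, not vendor code: list scheduled tasks that run as SYSTEM and
# whose executable is writable by a broad, non-administrative principal.
# Run from an elevated prompt so that every task and ACL is readable.

# Rights that let a holder replace or rewrite the file.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# Well-known SIDs covering ordinary users (assumption: extend for local policy).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

$findings = foreach ($task in Get-ScheduledTask) {
    if ($task.Principal.UserId -notmatch '^(SYSTEM|NT AUTHORITY\\SYSTEM|S-1-5-18)$') { continue }

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM handler actions have no Execute path

        $path = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # Bare names resolved through PATH are skipped; only full paths are checked.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $acl   = Get-Acl -LiteralPath $path
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $broadSids.ContainsKey($rule.IdentityReference.Value)) { continue }
            if (($rule.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Binary    = $path
                Principal = $broadSids[$rule.IdentityReference.Value]
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

$findings | Sort-Object Binary, Principal | Format-Table -AutoSize -Wrap
```

An empty result covers only the ACL on each file itself; write access to the containing directory also permits replacing the binary and should be reviewed separately.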

Key dates

02 Disclosure timeline

May 26, 2025 CVE published
June 6, 2025 Record updated