CVE-2025-4636 HIGH

CVE-2025-4636: Local Privilege Escalation

Vendor Jct
Product Airpointer
Weakness CWE-269
Published May 30, 2025
Last update May 30, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user

Key dates

02Disclosure timeline

May 30, 2025 CVE published
May 30, 2025 Record updated

Related vulnerabilities

04Related CVE