CVE-2025-7012 HIGH

CVE-2025-7012: Cato Networks Linux Client Local Privilege Escalation via Symlink

Vendor Cato Networks
Product Cato Client
Weakness CWE-59
Published July 13, 2025
Last update July 14, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M/U:Green

What the vulnerability does

01Description

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.

Key dates

02Disclosure timeline

July 13, 2025 CVE published
July 14, 2025 Record updated