CVE-2025-25011

{"id": "CVE-2025-25011", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2025-07-30T01:15:24.707", "references": [{"url": "https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558", "source": "bressers@elastic.co"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges."}, {"lang": "es", "value": "Una vulnerabilidad en un elemento de ruta de b\u00fasqueda no controlada puede provocar una escalada de privilegios locales (LPE) mediante permisos de directorio inseguros. Esta vulnerabilidad surge de la gesti\u00f3n incorrecta de los permisos de directorio. Un atacante con acceso local podr\u00eda explotar esta vulnerabilidad para mover y eliminar archivos arbitrarios, obteniendo as\u00ed privilegios de SYSTEM."}], "lastModified": "2025-07-31T18:42:37.870", "sourceIdentifier": "bressers@elastic.co"}