2025-02-23 03:03:59 +00:00

{
"id": "CVE-2025-0425",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2025-02-18T08:15:10.597",
"lastModified": "2025-02-18T08:15:10.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Via the GUI of the \"bestinformed Infoclient\", a low-privileged user is by default able to change the server address of the \"bestinformed Server\" to which this client connects. This is dangerous as the \"bestinformed Infoclient\" runs with elevated permissions (\"nt authority\\system\"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the \"bestinformed Web\" server. Those features include:\n * Pushing of malicious update packages\n * Arbitrary Registry Read as \"nt authority\\system\"\n\n\nAn attacker is able to escalate his privileges to \"nt authority\\system\" on the Windows client running the \"bestinformed Infoclient\".\u00a0\n\n\nThis attack is not possible if a custom configuration (\"Infoclient.ini\")\u00a0containing the flags \"ShowOnTaskbar=false\" or \"DisabledItems=stPort,stAddress\" is deployed."
},
{
"lang": "es",
"value": "A trav\u00e9s de la interfaz gr\u00e1fica de usuario del \"bestinformed Infoclient\", un usuario con pocos privilegios puede cambiar de forma predeterminada la direcci\u00f3n del servidor del \"bestinformed Server\" al que se conecta este cliente. Esto es peligroso, ya que el \"bestinformed Infoclient\" se ejecuta con permisos elevados (\"nt authority\\system\"). Al cambiar la direcci\u00f3n del servidor a un servidor malicioso o a un script que simule un servidor, el usuario puede aumentar sus privilegios abusando de ciertas caracter\u00edsticas del servidor \"bestinformed Web\". Estas caracter\u00edsticas incluyen: * Pushing of malicious update packages * Lectura arbitraria del registro como \"nt authority\\system\" Un atacante puede aumentar sus privilegios a \"nt authority\\system\" en el cliente de Windows que ejecuta el \"bestinformed Infoclient\". Este ataque no es posible si se implementa una configuraci\u00f3n personalizada (\"Infoclient.ini\") que contenga los indicadores \"ShowOnTaskbar=false\" o \"DisabledItems=stPort,stAddress\"."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-15"
}
]
}
],
"references": [
{
"url": "https://www.cordaware.com/changelog/en/version-6_3_8_1.html",
"source": "vulnerability@ncsc.ch"
}
]
}