CVE-2025-0416

1 Abr 2025

Título es

CVE-2025-0416

Mar, 01/04/2025 – 04:15

Tipo

CWE-269

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-0416

Descripción en

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

01/04/2025

Vector CVSS:4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Gravedad 4.0

8.90

Gravedad 4.0 txt

HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416/

Enviar en el boletín

Off

CVE-2025-0416

CVE-2025-0416

Jose Alexis Correa Valencia