Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.
Metrics
Affected Vendors & Products
References
History
Thu, 24 Jul 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 14 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 08 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-266 | |
Metrics |
cvssV3_1
|
Tue, 08 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-07-08T00:00:00.000Z
Updated: 2025-07-24T16:54:22.861Z
Reserved: 2025-05-07T00:00:00.000Z
Link: CVE-2025-47422

Updated: 2025-07-08T20:46:53.615Z

Status : Awaiting Analysis
Published: 2025-07-08T14:15:27.997
Modified: 2025-07-24T17:15:32.570
Link: CVE-2025-47422

No data.