Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.
History

Thu, 24 Jul 2025 17:00:00 +0000


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00051}

epss

{'score': 0.00067}


Tue, 08 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Description Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-07-08T00:00:00.000Z

Updated: 2025-07-24T16:54:22.861Z

Reserved: 2025-05-07T00:00:00.000Z

Link: CVE-2025-47422

cve-icon Vulnrichment

Updated: 2025-07-08T20:46:53.615Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-08T14:15:27.997

Modified: 2025-07-24T17:15:32.570

Link: CVE-2025-47422

cve-icon Redhat

No data.