CVE-2023-53949 | THREATINT

Description

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-19 | Updated 2025-12-19 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Incorrect Permission Assignment for Critical Resource

Product status

Any version

affected

Credits

Zer0FauLT # finder

References

www.exploit-db.com/exploits/51380 (ExploitDB-51380) exploit

www.aspemail.com (Official Product Homepage) product

www.vulncheck.com/...ion-via-binary-permission-vulnerability (VulnCheck Advisory: AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability) third-party-advisory

cve.org (CVE-2023-53949)

nvd.nist.gov (CVE-2023-53949)

Download JSON