CVE-2025-0712 | THREATINT

Description

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

PUBLISHED Reserved 2025-01-24 | Published 2025-07-30 | Updated 2025-07-30 | Assigner elastic

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

unaffected

8.16 (semver)

affected

8.17 (semver)

affected

References

discuss.elastic.co/...1-0-security-update-esa-2025-12/380558

cve.org (CVE-2025-0712)

nvd.nist.gov (CVE-2025-0712)

Download JSON