Home

Description

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

PUBLISHED Reserved 2025-04-16 | Published 2026-05-27 | Updated 2026-05-27 | Assigner CERTVDE




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Default status
unaffected

0.0.0 (semver) before 2026.0.3
affected

Credits

Diego Giubertoni from Nozomi finder

References

www.certvde.com/en/advisories/VDE-2026-050/

cve.org (CVE-2025-41670)

nvd.nist.gov (CVE-2025-41670)

Download JSON