CVE-2025-43715 | THREATINT

Description

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

PUBLISHED Reserved 2025-04-17 | Published 2025-04-17 | Updated 2025-04-17 | Assigner mitre

HIGH: 8.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

unaffected

Any version before 3.11

affected

References

sourceforge.net/p/nsis/bugs/1315/

nsis.sourceforge.io/Docs/AppendixF.html

cve.org (CVE-2025-43715)

nvd.nist.gov (CVE-2025-43715)

Download JSON