We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-6241

CVE-2025-6241



Description

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary code. This malicious DLL is executed in the context of NT AUTHORITY\SYSTEM upon service start or restart, due to the Windows default dynamic-link library search order, resulting in local elevation of privileges.

Reserved 2025-06-18 | Published 2025-07-27 | Updated 2025-07-27 | Assigner certcc

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

10.05.0027 before 10.10.0.42
affected

References

documentation.lakesidesoftware.com/...otes%7CAgent%7C_____13

cve.org (CVE-2025-6241)

nvd.nist.gov (CVE-2025-6241)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-6241

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.