CVE-2025-0425
Published: 18 February 2025
Summary
CVE-2025-0425 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Cordaware (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4812
Vulnerability details
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt…
more
authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The policy and procedures establish internal controls and change management for system configuration settings, reducing the feasibility of external unauthorized modifications.
Baseline configuration under change control directly prevents unauthorized external modification of system or configuration settings.
Requires approval, documentation, and security impact review of all configuration changes, directly preventing unauthorized external control of system settings.
Impact analysis of configuration changes reduces the risk of deploying settings that permit unauthorized external control.
Restricting changes to system and configuration settings prevents external entities from controlling those settings without approval.
Establishing, implementing, approving deviations from, and monitoring configuration settings directly prevents external or unauthorized control of system settings.
The plan defines processes for identifying and managing configuration items, preventing external unauthorized control of system settings.
Vulnerability scanners directly detect externally controllable or misconfigured settings using standardized checklists.