Cyber Resilience

CVE-2025-0542

High

Published: 25 January 2025

Modified: 15 April 2026
CVSS Score v4: 7.3 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0006 (18.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0542 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 18.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-0542 is a local privilege escalation vulnerability in the update mechanism of G DATA Management Server, stemming from incorrect assignment of privileges to temporary files. This flaw, associated with CWE-22 (path traversal) and CWE-276 (incorrect default permissions), carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It affects installations of G DATA Management Server where the update process mishandles temporary files, enabling exploitation through manipulated archives.

A local, unprivileged attacker can exploit this vulnerability by placing a crafted ZIP archive in a globally writable directory. When the update mechanism processes this archive, it unpacks the contents in the context of the SYSTEM privilege level, resulting in arbitrary file write capabilities. This allows the attacker to escalate privileges on the affected system, potentially overwriting critical files to gain higher-level access.

For mitigation details, refer to the security advisory at https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542, which provides further guidance on patches or workarounds for G DATA Management Server installations.

Vulnerability details

Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local unprivileged attacker exploits improper temp file permissions and path traversal in update process to achieve SYSTEM-level arbitrary file write for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24176 (shared CWE-276)
CVE-2025-1789 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)
CVE-2024-49737 (shared CWE-276)
CVE-2025-24170 (shared CWE-276)
CVE-2024-53841 (shared CWE-276)
CVE-2026-33747 (shared CWE-22)
CVE-2025-54307 (shared CWE-22)
CVE-2026-20614 (shared CWE-22)

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces least privilege on the update mechanism process to prevent unpacking ZIP archives in the high-privilege SYSTEM context.

Prevent: Mandates secure configuration settings for temporary file directories and permissions to eliminate globally writable locations exploited for privilege escalation.

Prevent: Requires validation of ZIP archive inputs to block path traversal attacks during unpacking that enable arbitrary file writes.
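
The ZIP input validation named in the last control can be sketched as a pre-extraction check that rejects the whole archive when any entry would land outside the extraction root. This is an added example, not code from G DATA or the referenced advisory; the function names and sample entry names are constructed, and the check goes beyond `..` sequences to cover rooted, drive-letter and UNC entry names under Windows path rules.

```python
import io
import zipfile
from pathlib import PureWindowsPath


def escaping_entries(zip_bytes: bytes) -> list[str]:
    """Return entry names that would resolve outside the extraction root.

    Names are judged by Windows path rules: '/' and '\\' both separate
    components; drive letters, UNC prefixes and rooted paths are absolute.
    """
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            p = PureWindowsPath(info.filename)
            # Conservative policy: any '..' component is rejected outright.
            if p.drive or p.root or ".." in p.parts:
                bad.append(info.filename)
    return bad


def extract_checked(zip_bytes: bytes, dest: str) -> list[str]:
    """Unpack into dest only if no entry escapes it; otherwise reject the archive."""
    bad = escaping_entries(zip_bytes)
    if bad:
        raise ValueError(f"archive rejected, entries escape root: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_zip(names: list[str]) -> bytes:
    """Constructed sample input: an in-memory ZIP holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed entry names; none refer to real product files.
    crafted = build_zip(["update/defs.dat", "..\\..\\outside.txt", "C:\\outside.txt"])
    print(escaping_entries(crafted))
```

The name check covers only the traversal half of the issue; the globally writable staging directory and the SYSTEM-context unpacking are addressed by the first two controls.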
