CVE-2025-0542
Published: 25 January 2025
Summary
CVE-2025-0542 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2025-0542 is a local privilege escalation vulnerability in the update mechanism of G DATA Management Server, stemming from incorrect assignment of privileges to temporary files. This flaw, associated with CWE-22 (path traversal) and CWE-276 (incorrect default permissions), carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It affects installations of G DATA Management Server where the update process mishandles temporary files, enabling exploitation through manipulated archives.
A local, unprivileged attacker can exploit this vulnerability by placing a crafted ZIP archive in a globally writable directory. When the update mechanism processes this archive, it unpacks the contents in the context of the SYSTEM privilege level, resulting in arbitrary file write capabilities. This allows the attacker to escalate privileges on the affected system, potentially overwriting critical files to gain higher-level access.
For mitigation details, refer to the security advisory at https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542, which provides further guidance on patches or workarounds for G DATA Management Server installations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1750
Vulnerability details
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive…
more
in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local unprivileged attacker exploits improper temp file permissions and path traversal in update process to achieve SYSTEM-level arbitrary file write for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces least privilege on the update mechanism process to prevent unpacking ZIP archives in the high-privilege SYSTEM context.
Mandates secure configuration settings for temporary file directories and permissions to eliminate globally writable locations exploited for privilege escalation.
Requires validation of ZIP archive inputs to block path traversal attacks during unpacking that enable arbitrary file writes.