CVE-2025-0543
Published: 25 January 2025
Summary
CVE-2025-0543 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 11.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-0543 is a local privilege escalation vulnerability in G DATA Security Client, stemming from incorrect assignment of privileges to directories (CWE-276). The issue affects installations where a globally writable directory allows unprivileged users to place arbitrary executables that are subsequently executed by the SetupSVC.exe service in the context of SYSTEM. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with low attack complexity and low privileges required.
A local, unprivileged attacker can exploit this vulnerability by placing a malicious executable in the globally writable directory. Once the SetupSVC.exe service, running as SYSTEM, executes it, the attacker achieves full privilege escalation, with high impact on confidentiality, integrity, and availability.
For mitigation details, refer to the security advisory at https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1751
Vulnerability details
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via insecure directory permissions, which allow a malicious executable to be placed in the directory and then executed as SYSTEM by an existing service.
Mitigating Controls (NIST 800-53 r5)
AC-6 enforces the principle of least privilege on directories and service execution contexts, preventing unprivileged users from writing executables to locations run by SYSTEM services like SetupSVC.exe.
AC-3 enforces approved access authorizations at the file system level, blocking unauthorized writes to directories used by privileged services and directly mitigating the globally writable directory issue.
CM-6 mandates secure configuration settings for system components, including restrictive directory permissions that prevent global writability exploited for privilege escalation.
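One way to audit for the condition these controls address, as an added example that is not part of the original page or the vendor advisory: the hypothetical function `Get-BroadWriteAce` reports directory ACEs that let broad, unprivileged groups create or replace files. The page does not name the affected directory, so the path is a parameter; the sweep over LocalSystem service binary directories at the end is a generalization beyond this CVE and an assumption about where to start looking.

```powershell
# Added example, not vendor code: lists Allow ACEs that give broad,
# unprivileged groups the ability to create or replace files in a directory.
function Get-BroadWriteAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    begin {
        # Well-known SIDs (locale-independent): Everyone, Authenticated Users,
        # BUILTIN\Users, INTERACTIVE.
        $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
        # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
        # DeleteSubdirectoriesAndFiles (0x40), ChangePermissions (0x40000),
        # TakeOwnership (0x80000), plus raw GENERIC_ALL (0x10000000) and
        # GENERIC_WRITE (0x40000000), which can appear unmapped in some ACEs.
        $writeMask = 0x500C0046
        $sidType = [System.Security.Principal.SecurityIdentifier]
    }
    process {
        foreach ($dir in $Path) {
            try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL of ${dir}: $_"; continue }
            foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path        = $dir
                    Sid         = $ace.IdentityReference.Value
                    Rights      = $ace.FileSystemRights
                    Inherited   = $ace.IsInherited
                    Propagation = $ace.PropagationFlags
                }
            }
        }
    }
}

# Broader sweep (assumption: directories holding the binaries of services that
# run as LocalSystem are a useful starting set). A specific directory taken
# from the advisory can be passed to -Path instead.
Get-CimInstance Win32_Service -Filter "StartName='LocalSystem'" |
    ForEach-Object { if ($_.PathName -match '^\s*"?(.+?\.exe)') { Split-Path -Parent $Matches[1] } } |
    Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
    Get-BroadWriteAce
```

The function lists matching Allow ACEs only; it does not compute effective access, so a Deny ACE or a restrictive parent directory can still block the write. Any hit on a directory from which a SYSTEM service loads executables warrants tightening the ACL in line with AC-3 and AC-6.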