Cyber Resilience

CVE-2025-0543

High

Published: 25 January 2025

Modified: 15 April 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (11.4th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0543 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability. Its CVSS v4 base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 11.4th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-0543 is a local privilege escalation vulnerability in G DATA Security Client, stemming from incorrect assignment of privileges to directories (CWE-276). The issue affects installations where a globally writable directory allows unprivileged users to place arbitrary executables that are subsequently executed by the SetupSVC.exe service in the context of SYSTEM. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with low attack complexity and low privileges required.

A local, unprivileged attacker can exploit this vulnerability by placing a malicious executable in the globally writable directory. When the SetupSVC.exe service, running as SYSTEM, executes that file, the attacker achieves full privilege escalation, with high impact on confidentiality, integrity, and availability.

For mitigation details, refer to the security advisory at https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543.

Vulnerability details

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via insecure directory permissions that allow a malicious executable to be placed and then executed as SYSTEM by an existing service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21532 (shared CWE-276)
CVE-2025-24176 (shared CWE-276)
CVE-2025-1789 (shared CWE-276)
CVE-2024-43769 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)
CVE-2026-25203 (shared CWE-276)
CVE-2024-49737 (shared CWE-276)
CVE-2024-34730 (shared CWE-276)
CVE-2025-24107 (shared CWE-276)

Mitigating Controls (NIST 800-53 r5)

Prevent: AC-6 enforces the principle of least privilege on directories and service execution contexts, preventing unprivileged users from writing executables to locations run by SYSTEM services like SetupSVC.exe.

Prevent: AC-3 enforces approved access authorizations at the file system level, blocking unauthorized writes to directories used by privileged services and directly mitigating the globally writable directory issue.

Prevent: CM-6 mandates secure configuration settings for system components, including restrictive directory permissions that prevent global writability exploited for privilege escalation.
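
One way to check for the condition these controls address, as an added example that is not from the advisory or the vendor: a PowerShell audit that reports allow ACEs granting file-creation or permission-changing rights on a directory to groups every local user belongs to. The page does not name the affected directory, so `$Path` is a placeholder; the function name `Get-BroadWriteAce` and the SID table are this example's own.

```powershell
param(
    # Placeholder (assumption): the directory a SYSTEM service runs executables from.
    [string]$Path = 'C:\PLACEHOLDER\service-directory'
)

# Well-known SIDs for groups every local user is in (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal add or replace files, or rewrite the ACL itself.
$WriteMask = 0
foreach ($name in 'CreateFiles', 'AppendData', 'DeleteSubdirectoriesAndFiles',
                  'ChangePermissions', 'TakeOwnership') {
    $WriteMask = $WriteMask -bor [int][System.Security.AccessControl.FileSystemRights]$name
}
# Some ACEs carry raw generic bits that the enum does not name:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory
    # Resolve identities to SIDs so the match does not depend on display names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Directory   = $Directory
            Principal   = $BroadSids[$sid]
            Rights      = $rule.FileSystemRights
            Inherited   = $rule.IsInherited
            # Inherit-only ACEs apply to children, not to the directory itself.
            InheritOnly = $rule.PropagationFlags.HasFlag(
                [System.Security.AccessControl.PropagationFlags]::InheritOnly)
        }
    }
}

$findings = @(Get-BroadWriteAce -Directory $Path)
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No broad write ACEs found on $Path"
```

A finding with `Inherited` set to true means the fix belongs on the parent directory's ACL, not on the directory itself.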