CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0543 – G DATA Security Client Local privilege escalation
https://notcve.org/view.php?id=CVE-2025-0543
25 Jan 2025 — Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0542 – G DATA Management Server Local privilege escalation
https://notcve.org/view.php?id=CVE-2025-0542
25 Jan 2025 — Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions •