CVE-2025-0425
Feb. 18, 2025, 8:15 a.m.
None
No Score
Description
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include:
* Pushing of malicious update packages
* Arbitrary Registry Read as "nt authority\system"
An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient".
This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
Product(s) Impacted
| Product | Versions |
|---|---|
| bestinformed Web |
|
| bestinformed Infoclient |
|
| bestinformed Server |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-15
External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.
Tags
Timeline
Published: Feb. 18, 2025, 8:15 a.m.
Last Modified: Feb. 18, 2025, 8:15 a.m.
Last Modified: Feb. 18, 2025, 8:15 a.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vulnerability@ncsc.ch
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.