SecuriTricks - CVE-2025-64701

Description

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed.

Product(s) Impacted

Vendor	Product	Versions
Qnd	Premium Advance Standard	11.0.9i 11.0.9i 11.0.9i

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-268

Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	qnd	premium	11.0.9i	/	/	/	/	/	/	/
a	qnd	advance	11.0.9i	/	/	/	/	/	/	/
a	qnd	standard	11.0.9i	/	/	/	/	/	/	/

References

https://jvn.jp/jp/JVN40102375/

https://www.qualitysoft.com/product/qnd_vulnerabilities_2025/

CVSS Score

8.5 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Dec. 11, 2025, 9:15 a.m.
Last Modified: Dec. 11, 2025, 9:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

CVE-2025-64701