CVE-2025-0425— Local Privilege Escalation via Config Manipulation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0425
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation via Config Manipulation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
系统设置或配置在外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cordaware bestinformed 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cordaware bestinformed是德国Cordaware公司的一套群发通知系统。 Cordaware bestinformed存在安全漏洞,该漏洞源于服务器地址修改权限问题,可能导致本地权限提升至SYSTEM。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cordaware | bestinformed Infoclient | 0 ~ 6.3.7.0 | - |
II. Public POCs for CVE-2025-0425
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0425
请登录查看更多情报信息。
- Changelog > Infoclient > Version 6.3.8.1vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-0425
Same Patch Batch · Cordaware · 2025-02-18 · 4 CVEs total
| CVE-2025-0422 | Authenticated Remote Code Execution via ScriptVar | |
| CVE-2025-0423 | Multiple Unauthenticated Stored Cross-Site Scripting | |
| CVE-2025-0424 | Multiple Authenticated Stored Cross-Site Scripting |
IV. Related Vulnerabilities
Same weakness: CWE-15
- CVE-2026-43531
OpenClaw < 2026.4.9 - Environment Variable Injection via Wor - CVE-2026-41384
OpenClaw < 2026.3.24 - Environment Variable Injection via Wo - CVE-2026-41294
OpenClaw < 2026.3.28 - Environment Variable Injection via CW - CVE-2026-0232
Cortex XDR Agent: Local Administrator can disable the agent - CVE-2026-35650
OpenClaw < 2026.3.22 - Environment Variable Override Bypass
V. Comments for CVE-2025-0425
No comments yet