Vulnerability Identifier: ZDI-25-1167, ZDI-CAN-27657 CVE Identifier: CVE-2025-14488 CVSS Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected Vendors: RealDefense Affected Products: SUPERAntiSpyware Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. The specific flaw exists within the SAS Core Service. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Additional Details: Fixed in version 10.0.1280 - Product history: https://secure.superantispyware.com/content/producthistory.html Disclosure Timeline: - 2025-09-04: Vulnerability reported to vendor - 2025-12-19: Coordinated public release of advisory - 2025-12-19: Advisory Updated Credit: gongjae