漏洞关键信息 基本信息 日期: December 19th, 2025 编号: ZDI-25-1166, ZDI-CAN-27659 CVE ID: CVE-2025-14490 CVSS 分数: 7.8 CVSS 向量: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 影响范围 受影响厂商: RealDefense 受影响产品: SUPERAntiSpyware 漏洞详情 This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. 其他细节 固定版本: 10.0.1280 参考链接: https://secure.saperantispyware.com/content/producthistory.html 披露时间线 2025-09-04 - 漏洞报告给厂商 2025-12-19 - 协调公开发布咨询 2025-12-19 - 咨询更新 致谢 发现者: gongjae