Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-50675 PoC — Lighthouse data GPMAW 14 安全漏洞

Source
https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions
Associated Vulnerability
Title:Lighthouse data GPMAW 14 安全漏洞 (CVE-2025-50675)
Description:GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
Description
CVE-2025-50675: Insecure install folder permissions in GPMAW bioinformatics software
Readme
# CVE-2025-50675 – Insecure Permissions in GPMAW 14.2

## Summary  
**CVE-2025-50675** affects GPMAW 14.2, a bioinformatics software developed by Lighthouse Data. The installer creates the folder `C:\Program Files\gpmaw` with **full control granted to the 'Everyone' group**, allowing any local user to modify files in the directory.

## Affected Product  
- **Product:** GPMAW  
- **Version:** 14.2  
- **Vendor:** Lighthouse Data  
- **Vendor site:** https://www.gpmaw.com/html/downloads.html

## Vulnerability Type  
- Insecure Permissions  
- CWE-276: Incorrect Default Permissions

## Attack Vector  
- Local attackers with user access can replace critical executables, such as the uninstaller (`GPsetup64_17028.exe`), with a malicious payload.
- When an administrator runs the uninstaller, the payload executes with elevated privileges.
- Alternatively, attackers can replace components within the installation folder that are executed when the application starts, resulting in persistence on the system.

## Impact  
- **Privilege Escalation**  
- **Arbitrary Code Execution**  
- **Persistence (if executable replaced in user context)**

## Proof of Concept  
1. As a standard user, navigate to `C:\Program Files\gpmaw`
2. Replace `GPsetup64_17028.exe` with a malicious executable
3. Delete components to cause errors
4. Wait for an administrator to run the uninstaller
5. The malicious payload runs with administrative privileges

## Mitigation  
- Restrict permissions on the installation folder so only trusted users (e.g. Administrators) have write access  
- Reinstall GPMAW in a secured location with correct ACLs


## CVE ID  
- [CVE-2025-50675](https://www.cve.org/CVERecord?id=CVE-2025-50675)
File Snapshot

 [4.0K]  /data/pocs/cee63bc10ad854175e317151f02e021ac178bbdd
├── [1.0K]  LICENSE
└── [1.7K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →