← back
CVE-2020-37160

SprintWork 2.3.1 - Local Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-276
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Veridium · SprintWork

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →