CVE-2023-53949
AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Aspemail · AspEmailWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →