← back
CVE-2025-43715

CVE-2025-43715

CVSS 8.1 HIGHEPSS 0.2%CWE-754
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Nullsoft · Nullsoft Scriptable Install System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rlhttps://sourceforge.net/p/nsis/bugs/1315/