← volver
CVE-2025-43715

CVE-2025-43715

CVSS 8.1 HIGHEPSS 0.2%CWE-754
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 abr 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Nullsoft · Nullsoft Scriptable Install System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rlhttps://sourceforge.net/p/nsis/bugs/1315/