CVE-2025-47422

Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html
https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html#update-deprecated-apis-used-to-resolve-paths
https://www.advancedinstaller.com/release-22.6.html

Configurations

No configuration.

History

24 Jul 2025, 17:15

Type	Values Removed	Values Added
References		() https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html#update-deprecated-apis-used-to-resolve-paths -

08 Jul 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 14:15

Updated : 2025-07-24 17:15

NVD link : CVE-2025-47422

Mitre link : CVE-2025-47422

CVE.ORG link : CVE-2025-47422

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2025-47422", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-08T14:15:27.997", "references": [{"url": "https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html", "source": "cve@mitre.org"}, {"url": "https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html#update-deprecated-apis-used-to-resolve-paths", "source": "cve@mitre.org"}, {"url": "https://www.advancedinstaller.com/release-22.6.html", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution."}, {"lang": "es", "value": "Advanced Installer anterior a la versi\u00f3n 22.6 presenta una vulnerabilidad de escalada de privilegios locales en el elemento de ruta de b\u00fasqueda no controlada. Al ejecutarse como SYSTEM en ciertas configuraciones, el instalador avanzado busca binarios inexistentes en ubicaciones de escritura est\u00e1ndar y los ejecuta como SYSTEM. Un atacante con pocos privilegios puede colocar un binario malicioso en una carpeta espec\u00edfica; al ejecutar el instalador, el atacante ejecuta c\u00f3digo SYSTEM arbitrario."}], "lastModified": "2025-07-24T17:15:32.570", "sourceIdentifier": "cve@mitre.org"}