CVE-2025-6241
BaseFortify
Publication date: 2025-07-27
Last updated on: 2025-11-03
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lakeside_software | systrack | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6241 is a security vulnerability in LsiAgent.exe, a component of SysTrack from Lakeside Software. The agent attempts to load several DLL files that are not present in the default installation. If a user-writable directory is included in the SYSTEM PATH environment variable, an attacker can place a malicious DLL in that directory. Due to the Windows default DLL search order, this malicious DLL is loaded and executed with NT AUTHORITY\SYSTEM privileges when the service starts or restarts, resulting in local elevation of privileges.
How can this vulnerability impact me? :
This vulnerability allows a local attacker to execute arbitrary code with SYSTEM-level privileges by placing a malicious DLL in a writable directory that is part of the SYSTEM PATH. This can lead to a full local privilege escalation, allowing the attacker to gain control over the affected system, potentially leading to unauthorized access, data compromise, or disruption of system operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-6241, you should upgrade to the 10.10 Hotfix Agent version of SysTrack from Lakeside Software, which includes security improvements specifically addressing the DLL loading vulnerability. This update prevents exploitation by enhancing the DLL loading process. Additionally, ensure that no user-writable directories are present in the SYSTEM PATH environment variable to reduce risk. [1]