CVE-2025-7883
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eluktronics | control_center | 5.23.51.41 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow an attacker with local access and limited privileges to escalate their privileges to SYSTEM level, effectively gaining full control over the affected system. This compromises the confidentiality, integrity, and availability of the system, potentially allowing arbitrary command execution and system takeover. [1, 2]
Can you explain this vulnerability to me?
CVE-2025-7883 is a critical vulnerability in Eluktronics Control Center version 5.23.51.41 that allows local attackers to perform command injection via the Powershell Script Handler component. Specifically, during installation, PowerShell scripts are placed in a directory executed with SYSTEM privileges but lack protection against modification. This allows a low-privileged user to alter these scripts by injecting malicious commands, leading to privilege escalation and full system control. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local command injection in Eluktronics Control Center's PowerShell scripts executed with SYSTEM privileges. Detection involves checking for unauthorized modifications to the PowerShell (.ps1) scripts placed by the software during installation, especially in the directory related to \AiStoneService\MyControlCenter\Command. You can use commands to verify the integrity and recent changes of these scripts, for example: 1) Use PowerShell to check file hashes or last modified timestamps: Get-ChildItem -Path '<path_to_scripts>' | Select-Object Name, LastWriteTime, @{Name='Hash';Expression={Get-FileHash $_.FullName}} 2) Use system auditing or file integrity monitoring tools to detect changes to these scripts. Since the exploit requires local access, monitoring for suspicious local command executions or privilege escalations may also help. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local user access to the affected system to prevent exploitation, as the vulnerability requires local access. Since the PowerShell scripts executed with SYSTEM privileges lack proper protection against modification, ensure that file permissions on these scripts are tightened to prevent unauthorized changes by low-privileged users. Consider replacing or uninstalling the affected Eluktronics Control Center version 5.23.51.41, as no vendor patches or mitigations have been provided. Monitoring for suspicious activity and applying the principle of least privilege can also help reduce risk. [2]