CVE-2025-50691
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-08-22
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mcsmanager | mcsmanager | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-50691 is a local privilege escalation vulnerability in MCSManager where the daemon process runs as root and stores sensitive data such as authentication tokens and terminal content in a directory with overly permissive permissions (default 755). This allows any other user on the same system to read the daemon's key from files like global.json and use it to log into the daemon, thereby escalating their privileges to root. [1, 2]
How can this vulnerability impact me?
If exploited, this vulnerability allows any local user on the system to read sensitive daemon keys and data, which can be used to authenticate to the daemon and escalate their privileges to root. This means an attacker with any user account on the system could gain full root access, compromising the entire system's security. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the permissions of the MCSManager installation directory and its subdirectories, especially `/opt/mcsmanager` and `/opt/mcsmanager/daemon/data/Config/global.json`. If the permissions are set to 755 or otherwise allow read access to other users, the system is vulnerable. For example, run `ls -ld /opt/mcsmanager` and `ls -l /opt/mcsmanager/daemon/data/Config/global.json` and check whether the mode grants read access to other users. Additionally, you can attempt to read the sensitive key file as a non-root user to verify exposure. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediately restrict the permissions of the MCSManager directory and its subdirectories to prevent other users from reading sensitive files. You can do this by running `chmod 700 /opt/mcsmanager` to limit access to the root user only. Additionally, consider running the daemon under a dedicated non-root user configured via systemd with `User` and `UMask=0077` directives to ensure files and directories are created with restrictive permissions (files 600, directories 700). Since the maintainers have not issued an official patch, applying these manual permission changes is the recommended mitigation. [1, 2]
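The permission check from the detection answer, extended to walk the whole install tree and usable again after the `chmod 700` mitigation to confirm the fix. This is an added example, not code from MCSManager or from the advisory. The function names are hypothetical, the default path and the `global.json` location are the ones given above, and only the "other" permission bits are inspected, so group access and ACLs are outside what it checks.

```shell
#!/bin/sh
# Added example: audit an MCSManager install tree for files that other
# local users can reach and read. Function names are hypothetical.

# Print every regular file under $1 that is other-readable AND reachable,
# i.e. every directory between $1 and the file is other-traversable (o+x).
# A directory without o+x is pruned: nothing below it is reachable.
exposed_files() {
    root=$1
    find "$root" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# Report on an install tree. Exit status: 0 = nothing exposed,
# 1 = exposed files found, 2 = directory could not be accessed.
audit_mcsm() {
    root=${1:-/opt/mcsmanager}          # default path from the page
    key="$root/daemon/data/Config/global.json"
    if [ ! -d "$root" ]; then
        echo "cannot access directory: $root" >&2
        return 2
    fi
    # find may exit non-zero on unreadable directories when run unprivileged;
    # the paths it did print are still valid findings.
    hits=$(exposed_files "$root" 2>/dev/null) || true
    if [ -z "$hits" ]; then
        echo "OK: no file under $root is readable by other users"
        return 0
    fi
    echo "EXPOSED: files under $root readable by other users:"
    printf '%s\n' "$hits" | sed 's/^/  /'
    case "$hits" in
        *"$key"*) echo "CRITICAL: daemon key file is exposed: $key" ;;
    esac
    return 1
}

# Run as: sh audit.sh /opt/mcsmanager
if [ "$#" -gt 0 ]; then
    audit_mcsm "$1"
fi
```

The script only inspects mode bits and never opens the files, so it can run from a monitoring account without handling the key itself.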