CVE-2025-12683

Publication date: 2025-11-04

Last updated on: 2025-11-04

Assigner: Gridware

Description
The service employed by Everything, running as SYSTEM, communicates with the lower-privileged Everything GUI via a named pipe. The named pipe has a NULL DACL, which grants all users full permission over it. This can lead to denial of service against the service or, only if chained with other elements, privilege escalation for a local low-privileged user.
Meta Information
Published: 2025-11-04
Last Modified: 2025-11-04
Generated: 2026-05-07
AI Q&A: 2025-11-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: everything
Product: everything
Version / Range: *
CWE
CWE ID: CWE-269
Description: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists because the Everything service, which runs with SYSTEM privileges, communicates with the lower-privileged Everything GUI through a named pipe that has a NULL DACL (Discretionary Access Control List). This means all users have full permissions on the named pipe, allowing a local low-privileged user to potentially cause a denial of service against the service or escalate privileges if combined with other vulnerabilities.


How can this vulnerability impact me?

This vulnerability can allow a local low privilege user to disrupt the Everything service, causing a denial of service. Additionally, if combined with other vulnerabilities, it could enable privilege escalation, allowing the attacker to gain higher system privileges than intended.

