CVE-2025-43079
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-10

Last updated on: 2025-11-18

Assigner: Qualys, Inc.

Description
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-10
Last Modified
2025-11-18
Generated
2026-06-16
AI Q&A
2025-11-10
EPSS Evaluated
2026-06-14
NVD
CVE-2025-43079
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qualys cloud_agent *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Qualys Cloud Agent's uninstall script for MacOS and Linux, which calls system commands without using absolute paths and does not sanitize the $PATH environment variable. If the script is run with elevated privileges in an environment where $PATH is manipulated, an attacker with root or sudo access could trick the script into running malicious executables instead of legitimate system binaries. This can lead to local privilege escalation and arbitrary command execution with elevated privileges.

Impact Analysis

If exploited, this vulnerability can allow an attacker with some elevated privileges to escalate their privileges further or execute arbitrary commands as root or with sudo rights. This could compromise the security and integrity of the affected system, potentially allowing unauthorized control or damage.

Mitigation Strategies

To mitigate this vulnerability, avoid running the Qualys Cloud Agent uninstall script (qagent_uninstall.sh) with elevated privileges in an environment where the $PATH variable may be manipulated. Ensure that the $PATH environment variable is sanitized and uses absolute paths before executing the uninstall script. Additionally, restrict root/sudo access to trusted users to prevent exploitation of this local privilege escalation vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-43079. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart