CVE-2025-56503
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-17
Assigner: MITRE
Description
Description
An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder. NOTE: this is disputed by the Supplier because replacing the uninstall file requires administrator permissions, i.e., there is no privilege escalation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sublime_hq | sublime_text | 4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Sublime Text 4 4200 allows authenticated users with low-level privileges to escalate their privileges to Administrator by replacing the uninstall file in the installation folder with a crafted binary.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain Administrator-level access on the affected system, potentially allowing them to perform unauthorized actions, install malicious software, or compromise system integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70