CVE-2025-14305
Local Privilege Escalation in Acer ListCheck.exe via Executable Replacement

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: TWCERT/CC

Description
ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation.
Meta Information
Published: 2025-12-17
Last Modified: 2025-12-17
Generated: 2026-06-16
AI Q&A: 2025-12-17
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: acer
Product: listcheck
Version / Range: 4.0.0.1
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

CVE-2025-14305 is a Local Privilege Escalation vulnerability in Acer's ListCheck.exe (version 4.0.0.1 and earlier). An authenticated local attacker can replace the legitimate ListCheck.exe executable with a malicious one of the same name. When the system runs this replaced executable, the attacker gains elevated privileges, allowing them to perform actions with higher system rights than originally permitted. [1, 2]

Impact Analysis

This vulnerability can allow an authenticated local attacker to escalate their privileges on the affected system. By replacing ListCheck.exe with a malicious executable, the attacker can execute code with elevated privileges, potentially compromising system confidentiality, integrity, and availability. This could lead to unauthorized access, modification, or disruption of system resources. [1, 2]

Detection Guidance

You can detect this vulnerability by checking whether the vulnerable ListCheck.exe, version 4.0.0.1 or earlier, is present on your system. Additionally, verify whether the executable has been replaced or modified by comparing its hash with a known good version or by checking its file properties and timestamps. Commands such as 'dir' or 'ls' can locate ListCheck.exe, and 'certutil -hashfile ListCheck.exe SHA256' on Windows can help verify the file's integrity. Monitoring for unexpected execution of ListCheck.exe or unusual privilege escalations may also indicate exploitation attempts. [1, 2]
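
The checks described above, gathered into one PowerShell script as an added example; it is not part of the original advisory or of any Acer tooling. The search roots and the known-good hash parameter are assumptions (this page gives neither an install path nor a reference hash), and the ACL report goes slightly beyond the text by listing which non-administrative accounts could overwrite the file or its folder.

```powershell
# Added example. Assumptions: the search roots and the known-good hash (none is given on this page).
param(
    [string[]]$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData),
    [string]$KnownGoodSha256 = ''   # placeholder: SHA256 of a copy you trust, if you have one
)

# Accounts expected to hold write access to a binary that the system executes.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
# Rights that allow replacing a file, or creating/deleting entries in its folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-LooseWriter {
    param([string]$Path)
    # Allow ACEs that apply to the object itself and grant a write-type right
    # to an identity outside $trusted.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.PropagationFlags -notmatch 'InheritOnly' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        $_.IdentityReference.Value -notin $trusted
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
}

function Test-ListCheckBinary {
    param([string]$Path, [string]$KnownGoodSha256)
    $file = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path          = $file.FullName
        FileVersion   = $file.VersionInfo.FileVersion
        LastWriteTime = $file.LastWriteTime
        SHA256        = $hash
        # $null when no reference hash was supplied, otherwise True/False.
        HashMatches   = if ($KnownGoodSha256) { $hash -eq $KnownGoodSha256 } else { $null }
        Signature     = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        FileWriters   = @(Get-LooseWriter -Path $Path)
        FolderWriters = @(Get-LooseWriter -Path $file.DirectoryName)
    }
}

# Inventory every copy found under the search roots that exist on this host.
$SearchRoots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Filter 'ListCheck.exe' -Recurse -File -ErrorAction SilentlyContinue
} | ForEach-Object { Test-ListCheckBinary -Path $_.FullName -KnownGoodSha256 $KnownGoodSha256 }
```

Run it from an elevated prompt so protected folders are readable. Any row with non-empty FileWriters or FolderWriters, a False HashMatches, or a Signature other than Valid deserves a closer look before the file is removed.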

Mitigation Strategies

The immediate mitigation step is to delete the vulnerable ListCheck.exe executable entirely, as it is no longer maintained and poses a high risk of local privilege escalation. [1, 2]
