CVE-2025-15065
Privilege Escalation via Sensitive Data Exposure in KESS Enterprise
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: FSI
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kings_information_and_network_co | kess_enterprise | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-311 | The product does not encrypt sensitive or critical information before storage or transmission. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows unauthorized actors to gain elevated privileges, modify existing services, and alter shared files. It involves exposure of sensitive information due to missing encryption and files or directories being accessible to external parties. Essentially, it enables privilege escalation and unauthorized modification of system components.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information, potential privilege escalation allowing attackers to gain higher-level access than intended, and unauthorized modification of services and shared files. This can compromise system integrity, confidentiality, and potentially disrupt normal operations.