CVE-2025-41670
Privilege Escalation in System Service via File Manipulation
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a local user with low privileges to manipulate configuration or application-related files in areas of the filesystem that they can write to. These files are used by a privileged system service that processes data from locations not adequately protected against modification by low-privileged users. Because the service runs with elevated privileges, this manipulation can influence its behavior and potentially lead to a local privilege escalation.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker with low-level access to the system could escalate their privileges to a higher level by exploiting the insufficient protection of configuration or application files used by a privileged service. This could allow the attacker to gain unauthorized access to sensitive system functions or data.