CVE-2026-32325
Deferred Deferred - Pending Action
Privilege Escalation in ServerView Agents for Windows

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: JPCERT/CC

Description
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-32325
EUVD
EUVD-2026-33572
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fsas_technologies_inc serverview_agents_for_windows to 11.60.04 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-268 Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32325 is a privilege chaining vulnerability found in ServerView Agents for Windows versions V11.60.04 and earlier. It allows a local authenticated attacker who can log in to the affected server to escalate their privileges to the SYSTEM level, which is the highest level of privilege on a Windows system.

Mitigation Strategies

To mitigate this vulnerability, the vendor recommends updating ServerView Agents for Windows to the latest version beyond V11.60.04.

If updating immediately is not possible, applying any available workaround provided by the vendor until the update can be applied is advised.

Impact Analysis

If exploited, this vulnerability can allow an attacker with local access to the server to gain SYSTEM privileges. This means the attacker could fully control the system, potentially compromising confidentiality, integrity, and availability of data and services on the affected server.

Compliance Impact

This vulnerability allows a local authenticated attacker to escalate privileges to SYSTEM level, which can lead to unauthorized access to sensitive data and critical system functions.

Such unauthorized privilege escalation can impact the confidentiality, integrity, and availability of data, potentially causing non-compliance with standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive information.

Therefore, exploitation of this vulnerability could result in violations of these compliance requirements if sensitive data is accessed or altered without proper authorization.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32325. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart