VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

7.8 / 10

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147.

Basic Information

ID CVE-2025-13703

Source zdi

Published Dec 23, 2025 at 21:30

Affected Product

Vendor VIPRE

Product Advanced Security

Version 12.0.2.220

Affected Versions VIPRE Advanced Security 12.0.2.220

CWE Classification

CWE-732

References

{
    "lastseen": "",
    "description": "VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147.",
    "published": "2025-12-23T21:30:26.235Z",
    "modified": "2025-12-23T21:30:26.235Z",
    "type": "cve",
    "title": "VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability",
    "source": "zdi",
    "references": "https://www.zerodayinitiative.com/advisories/ZDI-25-1023/\nhttps://success.vipre.com/home-windows-release-notes/home-windows-release-notes-20250925",
    "id": "CVE-2025-13703",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "VIPRE Advanced Security 12.0.2.220",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Advanced Security",
    "version": "12.0.2.220",
    "vendor": "VIPRE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability_CVE-2025-13703