Primary

Context

G DATA Security Client Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in G DATA Security Client. This issue arises from an incorrect assignment of privileges to directories, allowing a local, unprivileged attacker to escalate privileges on affected installations. The vulnerability can be exploited by placing an arbitrary executable in a globally writable directory, which is then executed by the SetupSVC.exe service with SYSTEM privileges.

Impact

Exploitation of this vulnerability allows for local privilege escalation, with unauthorized users gaining SYSTEM-level access.

Remediation

Users can upgrade to G DATA Security Client version 15.8.333 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

G DATA Security Client Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating