CVE-2025-29800

Опубликовано: 08 апр. 2025

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

FAQ

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain ROOT privileges.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Обновления

Продукт	Статья	Обновление
Microsoft AutoUpdate for Mac		Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 28%

0.00097

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2025-29800

CVSS3: 7.8

nvd

5 месяцев назад

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

GHSA-jpmv-9x86-xvwc

CVSS3: 7.8

github

5 месяцев назад

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

BDU:2025-04040

CVSS3: 7.8

fstec

5 месяцев назад

Уязвимость приложения автоматического обновления продуктов MS Office Microsoft AutoUpdate (MAU) for Mac, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 28%

0.00097

Низкий

7.8 High

CVSS3