CVE-2025-29801

Опубликовано: 08 апр. 2025

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

FAQ

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain ROOT privileges.

Обновления

Продукт	Статья	Обновление
Microsoft AutoUpdate for Mac		Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 28%

0.00097

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2025-29801

CVSS3: 7.8

nvd

5 месяцев назад

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

GHSA-hgp6-f396-gg6v

CVSS3: 7.8

github

5 месяцев назад

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

BDU:2025-04250

CVSS3: 7.8

fstec

5 месяцев назад

Уязвимость приложения автоматического обновления продуктов MS Office Microsoft AutoUpdate (MAU) для Mac OS, связанная с неправильными разрешениями по умолчанию, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 28%

0.00097

Низкий

7.8 High

CVSS3