CNNVD-202508-2739 Information
CNNVD ID
CNNVD-202508-2739
Related CVE
- CNNVD Published: 2025-08-22
Description (Chinese)
PDQ Smart Deploy是美国PDQ公司的一款Windows设备映像和部署软件。 PDQ Smart Deploy 3.0.2040版本存在安全漏洞,该漏洞源于HKLMSYSTEMSetupSmartDeploy组件权限不当,可能导致本地攻击者执行任意代码。
Description (English)
PDQ Smart Deploy is a Windows equipment image and deployment software of the United States company PDQ. There is a security loophole in version PDQ Smart Deploy 3.0/2040, which stems from the inappropriate authority of the HHLMSYSTEMSteupSmartDeploy component, which may lead local attackers to enforce arbitrary codes.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
PDQ
Published
2025-08-22
Last Modified
2026-02-24
References
https://www.pdq.com/products/smartdeploy/ https://specterops.io/blog/2025/08/12/hklmsystemsetupsmartdeploy-the-static-keys-to-abusing-pdq-smartdeploy/ https://nvd.nist.gov/vuln/detail/CVE-2025-52094 https://access.redhat.com/security/cve/cve-2025-52094
Patch
https://smartdeploy.pdq.com/hc/en-us/articles/12982168116251-Release-Notes-and-Schedule
Share on: