CVE-2023-25648 Information

Description

There is a weak folder permission vulnerability in ZTE’s ZXCLOUD iRAI product. Due to weak folder permission an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584