CVE-2025-0425 Information

Description

Via the GUI of the estinformed Infoclient\ a low-privileged user is by default able to change the server address of the estinformed Server\ to which this client connects. This is dangerous as the estinformed Infoclient\ runs with elevated permissions ( t authority\system). By changing the server address to a malicious server or a script simulating a server the user is able to escalate his privileges by abusing certain features of the estinformed Web\ server. Those features include: Pushing of malicious update packages Arbitrary Registry Read as t authority\system\n

An attacker is able to escalate his privileges to t authority\system\ on the Windows client running the estinformed Infoclient. 

This attack is not possible if a custom configuration (\Infoclient.ini) containing the flags \ShowOnTaskbar=false\ or \DisabledItems=stPortstAddress\ is deployed.

Reference

https://www.cordaware.com/changelog/en/version-6_3_8_1.html