CVE-2025-0542 Information

Description

Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory which gets unpacked in the context of SYSTEM and results in arbitrary file write.

Reference

https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542