CVE-2025-50675 Information

Aug 08, 2025 cve

Description

GPMAW 14 a bioinformatics software has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read write and execute permissions for all users allowing unprivileged users to manipulate files within the directory including executable files like GPMAW3.exe Fragment.exe and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user’s context the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw an attacker could gain administrative privileges and execute arbitrary code in the context of the admin resulting in privilege escalation.

Reference

https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main https://www.gpmaw.com/html/downloads.html

CNNVD-202508-703 (Published: 2025-08-07)

Share on:

CVE-2025-50675 Information

Description

Reference

Related CNNVD