Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
AnalysisAI
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.
Technical ContextAI
This vulnerability (CWE-552: Files or Directories Accessible to External Parties) resides in Brother's Windows driver installer packages. CWE-552 indicates improper file/directory permissions or access controls, typically where installer components fail to properly restrict access to temporary files, installation directories, or configuration files during the installation process. Brother driver installers likely execute with elevated privileges during setup, and if the installer fails to properly validate or restrict access to files it reads or writes—such as configuration files, temporary installation files, or DLL loading paths—a local attacker can exploit insecure file handling to inject malicious code. The attack likely involves DLL hijacking, file replacement during installation, or exploitation of race conditions in the installer's file operations. Affected products include Brother printer drivers (MFC, HL, DCP, and other series), though specific CPE strings and version ranges require reference to Brother's official security advisory. The vulnerability impacts Windows systems where Brother device drivers are installed or updated.
RemediationAI
Remediation steps: (1) Consult Brother's official security advisory (referenced in CVE details) to identify specific affected driver versions and safe replacement versions. (2) Download patched driver versions directly from Brother's official support website, verifying version numbers against the advisory. (3) Install patched drivers with administrative privileges in a controlled manner, avoiding automated or unattended installations until patches are confirmed. (4) For affected systems, perform a fresh driver installation after removing old driver versions completely (use Device Manager to uninstall, then remove residual files). (5) Apply principle of least privilege: ensure user accounts installing software operate with minimal required permissions. (6) Workaround (temporary): delay driver installation/updates until patched versions are available; if driver replacement is unavoidable, use isolated administrative sessions and monitor for suspicious behavior. (7) Monitor Brother's security page and firmware release notes for patch availability. (8) For enterprise deployments, test patched drivers in isolated environments before wide rollout. References and patch links will be available at Brother's official security advisory pages (typically brother.com/support or similar).
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr
Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19089