Skip to main content

Windows CVE-2025-49797

| EUVDEUVD-2025-19089 HIGH
Files or Directories Accessible to External Parties (CWE-552)
2025-06-25 vultures@jpcert.or.jp
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19089
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
CVE Published
Jun 25, 2025 - 10:15 nvd
HIGH 7.8

DescriptionCVE.org

Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

AnalysisAI

CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.

Technical ContextAI

This vulnerability (CWE-552: Files or Directories Accessible to External Parties) resides in Brother's Windows driver installer packages. CWE-552 indicates improper file/directory permissions or access controls, typically where installer components fail to properly restrict access to temporary files, installation directories, or configuration files during the installation process. Brother driver installers likely execute with elevated privileges during setup, and if the installer fails to properly validate or restrict access to files it reads or writes—such as configuration files, temporary installation files, or DLL loading paths—a local attacker can exploit insecure file handling to inject malicious code. The attack likely involves DLL hijacking, file replacement during installation, or exploitation of race conditions in the installer's file operations. Affected products include Brother printer drivers (MFC, HL, DCP, and other series), though specific CPE strings and version ranges require reference to Brother's official security advisory. The vulnerability impacts Windows systems where Brother device drivers are installed or updated.

RemediationAI

Remediation steps: (1) Consult Brother's official security advisory (referenced in CVE details) to identify specific affected driver versions and safe replacement versions. (2) Download patched driver versions directly from Brother's official support website, verifying version numbers against the advisory. (3) Install patched drivers with administrative privileges in a controlled manner, avoiding automated or unattended installations until patches are confirmed. (4) For affected systems, perform a fresh driver installation after removing old driver versions completely (use Device Manager to uninstall, then remove residual files). (5) Apply principle of least privilege: ensure user accounts installing software operate with minimal required permissions. (6) Workaround (temporary): delay driver installation/updates until patched versions are available; if driver replacement is unavoidable, use isolated administrative sessions and monitor for suspicious behavior. (7) Monitor Brother's security page and firmware release notes for patch availability. (8) For enterprise deployments, test patched drivers in isolated environments before wide rollout. References and patch links will be available at Brother's official security advisory pages (typically brother.com/support or similar).

CVE-2021-40444 HIGH POC
8.8 Sep 15

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX

CVE-2021-1732 HIGH POC
7.8 Feb 25

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by

CVE-2018-8174 HIGH POC
7.5 May 09

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co

CVE-2019-0803 HIGH POC
7.8 Apr 09

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in

CVE-2020-1472 MEDIUM POC
5.5 Aug 17

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr

CVE-2024-30088 HIGH POC
7.0 Jun 11

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-13315 CRITICAL POC
9.3 Nov 19

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b

CVE-2013-10047 CRITICAL POC
9.3 Aug 01

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2025-34101 CRITICAL POC
9.3 Jul 10

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio

Share

CVE-2025-49797 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy