CVE-2025-7012

EUVD-2025-21253 | HIGH
Published: 2025-07-13
CVSS 4.0 base score: 8.6

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M/U:Green
Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: Passive (UI:P)

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 09:18 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:18 (euvd) - EUVD-2025-21253
CVE Published: Jul 13, 2025 - 08:15 (nvd) - HIGH 8.6

Description

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.

Analysis

CVE-2025-7012 is a local privilege escalation vulnerability in Cato Networks CatoClient for Linux versions prior to 5.5. It stems from improper symbolic link handling that allows an authenticated local attacker to escalate privileges to root. With a CVSS score of 8.6 and a CWE-59 classification, this vulnerability presents a high-severity risk to Linux deployments: the attack requires local access and user interaction, but a successful attack delivers complete system compromise. Active exploitation status and proof-of-concept availability should be verified against the CISA KEV catalog and public exploit repositories.

Technical Context

The vulnerability arises from improper symbolic link (symlink) handling in CatoClient for Linux, a VPN/network security client deployed on endpoint systems. CWE-59 (Improper Link Resolution Before File Access) occurs when an application fails to validate symbolic links before performing file operations, allowing an attacker to redirect file reads or writes to sensitive system locations. In CatoClient's case, the flaw likely lies in privileged code paths where the application performs file operations in directories that are world-writable or controlled by lower-privileged users, without validating link targets. The affected CPE would be: cpe:2.3:a:cato_networks:catoclient:*:*:*:*:*:linux:*. Versions before 5.5 contain this flaw; because the client typically runs with elevated privileges or interacts with privileged processes, this creates the attack surface.
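As an added illustration of the CWE-59 pattern described above (this is not CatoClient code, and the scratch directory and file names are constructed for the demo), the C program below contrasts a naive open() that follows a pre-planted symlink with a hardened open() that refuses it and verifies what it actually opened:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (CWE-59): a privileged process writes to a fixed path in a
 * directory others can write to. open() follows symlinks, so a pre-planted link
 * redirects the write to wherever the link points. */
int unsafe_open(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: never follow a link at the final component, never reuse a
 * pre-existing file, then verify the opened object is a plain file we own. */
int safe_open(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) || !S_ISREG(st.st_mode) || st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd); errno = EPERM; return -1;
    }
    return fd;
}

/* Constructed demo: scratch dir holding "victim" (stands in for a sensitive file)
 * and a symlink "state.lock" -> "victim". Returns 1 when unsafe_open() lands on
 * victim's inode while safe_open() refuses the link, 0 otherwise. */
int demo_symlink_redirect(void) {
    char dir[] = "/tmp/cwe59-demo-XXXXXX", victim[64], link[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/state.lock", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (vfd < 0 || symlink("victim", link) != 0) return 0;
    close(vfd);

    int redirected = 0, ufd = unsafe_open(link);
    if (ufd >= 0) {
        struct stat a, b;   /* same inode => the write went to "victim" */
        redirected = fstat(ufd, &a) == 0 && stat(victim, &b) == 0 && a.st_ino == b.st_ino;
        close(ufd);
    }
    int sfd = safe_open(link);
    int refused = sfd < 0 && (errno == EEXIST || errno == ELOOP);
    if (sfd >= 0) close(sfd);
    unlink(link); unlink(victim); rmdir(dir);
    return redirected && refused;
}
```

The same O_NOFOLLOW/O_EXCL plus fstat() check is what a privileged client should apply to any file it creates in /tmp or another shared directory.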

Affected Products

Vendor: Cato Networks
Product: CatoClient
Platform: Linux
Affected versions: < 5.5
CPE: cpe:2.3:a:cato_networks:catoclient:*:*:*:*:*:linux:*
Fixed version: 5.5 and later
Notes: All Linux distributions running CatoClient versions prior to 5.5 are affected. Windows and macOS versions should be evaluated separately for analogous flaws.

Remediation

Patch (priority: Critical): Upgrade CatoClient for Linux to version 5.5 or later. Source: Cato Networks official release.

Interim Mitigation (priority: High): Restrict login access to Linux systems running CatoClient to trusted users only; disable local shell access where possible for non-administrative accounts.

Detection (priority: Medium): Monitor system logs for failed privilege escalation attempts and symbolic link creation in CatoClient's working directories (typically /tmp, /var/run, or application-specific paths); implement file integrity monitoring on privileged CatoClient binaries and configuration files.

Verification (priority: High): Verify the patched version via catoclient --version or check the /opt/cato/catoclient/VERSION file; ensure no rollback to earlier versions in configuration management systems.

Priority Score

43 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.0, CVSS +43, POC 0
