Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily
granted to the operator group.
- Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
AnalysisAI
A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.
Technical ContextAI
The vulnerability stems from CWE-732 (Incorrect Permission Assignment for Critical Resource), which describes the failure to properly restrict access to sensitive files or objects. When Panorama Suite 2025 (CPE: cpe:2.3:a:codra:panorama_suite) installs X.509 certificates and their corresponding private keys into the Windows machine certificate store using the Network and Security tool, the installation process incorrectly grants read or execute permissions to the Windows 'operator' group. This violates the principle of least privilege for cryptographic material; private keys should be accessible only to the specific service account or administrator that requires them. The affected versions (25.00.004 and earlier) fail to properly configure NTFS discretionary access control lists (DACLs) during certificate installation, exposing private keys to unintended principals within the operator group.
RemediationAI
Organizations running Panorama Suite 2025 (25.00.004 or earlier) must apply update PS-2500-00-0357 or a higher patch version immediately. Alternatively, upgrade to Panorama Suite 2025 Updated Dec. 25 (version 25.10.007) or later, which has been confirmed as patched. Until patching is completed, restrict operator group membership to only trusted administrative accounts and audit certificate store access using Windows Security Auditing (enable SACL auditing on certificate private key containers). Organizations should consult the CODRA CSIRT security bulletin BS-036 at https://my.codra.net/en-gb/csirt for patch availability and detailed remediation guidance, and verify that newly installed certificates do not retain overly permissive DACLs by reviewing private key file permissions in the Windows certificate stores (typically under %ProgramData%\Microsoft\Crypto\RSA or similar paths).
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15404
GHSA-f22h-wfgq-73hp