Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.
This issue affects OpenConcerto: 1.7.5.
AnalysisAI
Incorrect permission assignment in OpenConcerto 1.7.5 enables local authenticated users with UI interaction to modify critical binary files, potentially allowing privilege escalation or persistent code execution through binary replacement. CVSS score of 2.4 (Low) reflects the local-only attack vector and requirement for user interaction, though the vulnerability creates a persistent integrity risk for affected deployments.
Technical ContextAI
OpenConcerto is an enterprise resource planning (ERP) and business management application. The vulnerability stems from CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating that executable binaries or critical runtime files are stored with overly permissive file permissions. This allows local users with valid credentials to directly modify binary files that should be protected from unauthorized writing. When the application later executes these modified binaries, attacker-controlled code runs with the application's privilege level, bypassing code signature verification or integrity checks.
RemediationAI
Upgrade to the latest patched version of OpenConcerto beyond 1.7.5; consult the vendor advisory at https://www.openconcerto.org/fr/version-1.7.html for available updates and security releases. If patching is delayed, restrict file system permissions on OpenConcerto binary directories to read-only for non-administrative users using OS-level access controls (chmod 755 on Unix/Linux, restricted ACLs on Windows). Limit local system access to OpenConcerto installations to trusted users only; audit and disable unnecessary local user accounts. Implement file integrity monitoring (FIM) on OpenConcerto application directories to detect unauthorized binary modifications. Note that file permission restrictions may impact upgrade or maintenance workflows requiring write access, necessitating temporary privilege elevation with strong audit logging.
More in Openconcerto
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26969