EUVD-2025-16715

CVE-2025-46355 | HIGH | 7.3 (CVSS 3.0) | 2025-06-03

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16715
CVE Published: Jun 03, 2025 - 08:15 (nvd), HIGH 7.3

Description

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, a local authenticated attacker may execute arbitrary code with SYSTEM privilege on the Windows system where the product is running.

Analysis

PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. Exploitation requires local access and user interaction, but the result is complete system compromise. The provided data confirms neither a CISA KEV listing nor a public POC; the CVSS 7.3 score and EPSS analysis should still be monitored for exploitation likelihood.

Technical Context

This vulnerability stems from improper file or registry permission assignments in PC Time Tracer, classified under CWE-276 (Incorrect Default Permissions). Windows-based applications often run with elevated privileges or interact with system resources; if default DACL (Discretionary Access Control List) configurations permit low-privileged users to modify executable files, DLLs, configuration files, or scheduled tasks owned by the application, privilege escalation becomes possible. The root cause likely involves file/directory permissions on application directories (typically C:\Program Files\PC Time Tracer or similar) that inadvertently grant write access to authenticated local users, enabling DLL injection, executable replacement, or configuration manipulation. CPE identification would be: cpe:2.3:a:*:pc_time_tracer:*:*:*:*:*:*:*:* (versions <5.2).

Affected Products

PC Time Tracer versions < 5.2. Specific affected versions not enumerated in provided data, but all releases prior to 5.2 are vulnerable. The vulnerability is Windows-specific. No vendor advisory link was provided; analysts should consult the PC Time Tracer vendor's official security announcements and patch distribution channels for exact version boundaries and CVE-specific guidance. CPE: cpe:2.3:a:pc_time_tracer:pc_time_tracer:*:*:*:*:*:windows:*:* (versions <5.2).

Remediation

1. **Immediate Patch:** Upgrade PC Time Tracer to version 5.2 or later. Obtain the patch from the official vendor download portal or auto-update mechanism.
2. **Pre-Patch Mitigation:** Restrict file and directory permissions on the PC Time Tracer installation directory (typically C:\Program Files\PC Time Tracer) to remove write access for non-administrator users; use icacls or Group Policy to enforce ACLs removing authenticated user write permissions.
3. **Access Control:** Limit local login privileges to trusted users; disable remote access if not required. Monitor and restrict scheduled task execution triggered by the application.
4. **Detection:** Audit file modification events in the application directory and monitor for unexpected process elevation or DLL loading from the application folder.
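
The permission review behind the pre-patch mitigation and detection steps can be scripted. The PowerShell below is an added example, not vendor or vuln.today code; the default path is the "typical" location named in the text, and the set of broad principals is an assumption to adjust per environment.

```powershell
# Added example: report Allow ACEs that give broad, non-admin principals
# write-type access under an install directory. The default path is the
# "typical" location named in the advisory text, not a confirmed one.
param(
    [string]$Path = 'C:\Program Files\PC Time Tracer'
)

# Well-known SIDs (assumed list), so the check also works on non-English Windows.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow changing or replacing content, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that
# inherit-only ACEs can carry.
$rights = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($rights::WriteData -bor $rights::AppendData -bor
    $rights::Delete -bor $rights::DeleteSubdirectoriesAndFiles -bor
    $rights::ChangePermissions -bor $rights::TakeOwnership) -bor
    0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Include explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
if (-not $findings) { "No broad write access found under $Path" }
```

Run it from an elevated prompt before and after upgrading or tightening ACLs; an empty result means none of the listed principals hold write-type rights on the directory tree.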

Priority Score

37 (KEV: 0, EPSS: +0.0, CVSS: +36, POC: 0)
