EUVD-2025-19089

| CVE-2025-49797 HIGH
2025-06-25 [email protected]
7.8
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19089
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
CVE Published
Jun 25, 2025 - 10:15 nvd
HIGH 7.8

Tags

Microsoft Privilege Escalation Windows

Description

Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Analysis

CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.

Technical Context

This vulnerability (CWE-552: Files or Directories Accessible to External Parties) resides in Brother's Windows driver installer packages. CWE-552 indicates improper file/directory permissions or access controls, typically where installer components fail to properly restrict access to temporary files, installation directories, or configuration files during the installation process. Brother driver installers likely execute with elevated privileges during setup, and if the installer fails to properly validate or restrict access to files it reads or writes—such as configuration files, temporary installation files, or DLL loading paths—a local attacker can exploit insecure file handling to inject malicious code. The attack likely involves DLL hijacking, file replacement during installation, or exploitation of race conditions in the installer's file operations. Affected products include Brother printer drivers (MFC, HL, DCP, and other series), though specific CPE strings and version ranges require reference to Brother's official security advisory. The vulnerability impacts Windows systems where Brother device drivers are installed or updated.

Affected Products

Brother driver installers for Windows across multiple product lines including: Brother HL series (laser printers), Brother MFC series (multifunction devices), Brother DCP series (multifunction devices), and other Brother imaging device driver packages. Specific affected versions have not been provided in the source data; however, organizations should consult the official Brother security advisory and references cited in the CVE record to identify exact model numbers and version ranges. Affected components include the Windows installer executables (.exe) and any associated DLL or configuration files bundled with driver packages. All Windows versions supporting these drivers (Windows 7 through Windows 11) are potentially affected. The vulnerability impacts both original driver media and driver updates downloaded from Brother's support website or Windows Update if Brother driver packages are distributed through that channel.

Remediation

Remediation steps: (1) Consult Brother's official security advisory (referenced in CVE details) to identify specific affected driver versions and safe replacement versions. (2) Download patched driver versions directly from Brother's official support website, verifying version numbers against the advisory. (3) Install patched drivers with administrative privileges in a controlled manner, avoiding automated or unattended installations until patches are confirmed. (4) For affected systems, perform a fresh driver installation after removing old driver versions completely (use Device Manager to uninstall, then remove residual files). (5) Apply principle of least privilege: ensure user accounts installing software operate with minimal required permissions. (6) Workaround (temporary): delay driver installation/updates until patched versions are available; if driver replacement is unavoidable, use isolated administrative sessions and monitor for suspicious behavior. (7) Monitor Brother's security page and firmware release notes for patch availability. (8) For enterprise deployments, test patched drivers in isolated environments before wide rollout. References and patch links will be available at Brother's official security advisory pages (typically brother.com/support or similar).

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Share

EUVD-2025-19089 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy