Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.
AnalysisAI
Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. EPSS score of 0.01% (2nd percentile) indicates low likelihood of widespread exploitation despite CVSS 8.5 severity. No active exploitation confirmed; CISA SSVC assessment marks exploitation status as 'none' and automatable as 'no', suggesting targeted attack potential rather than mass exploitation risk.
Technical ContextAI
SKYSEA Client View and SKYMEC IT Manager are enterprise endpoint management solutions from Sky Co., Ltd., used primarily in Japanese corporate environments for client device control and IT asset management. The vulnerability stems from CWE-276 (Incorrect Default Permissions), where the products' installation directories are configured with overly permissive Access Control Lists (ACLs) during deployment. Windows file system security typically restricts Program Files directories to administrative access only, but these products fail to properly lock down their installation folders. This allows non-administrative users with local interactive logon (PR:L) to write executable files, DLLs, or configuration files into protected directories. When the legitimate service or application runs with SYSTEM or administrative privileges, it may load the attacker-controlled files, resulting in elevation of privilege. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local attack vector with low complexity and no additional conditions beyond low-privilege access, making this a classic DLL hijacking or binary planting scenario.
RemediationAI
Upgrade to SKYSEA Client View version 21.200.08j or later, and SKYMEC IT Manager version 2024.005.11a or later (specific patched versions should be confirmed with Sky Co., Ltd. via https://www.skyseaclientview.net/news/260420_01/). The vendor advisory published April 2026 provides detailed update instructions. If immediate patching is not feasible, apply compensating controls: manually restrict NTFS permissions on the product installation directories (typically C:\Program Files\SKYSEA Client View and C:\Program Files\SKYMEC IT Manager) to allow only SYSTEM and Administrators groups full control, removing Modify/Write permissions for the Users group. Use ICACLS commands or Group Policy to enforce restrictive ACLs: icacls "C:\Program Files\SKYSEA Client View" /inheritance:d /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX". Note this workaround may interfere with product updates or self-service features requiring user-level write access. Monitor installation directories with file integrity monitoring (FIM) tools to detect unauthorized file modifications. Implement strict least-privilege access controls and monitor for unusual local privilege escalation attempts via Windows Event IDs 4672 and 4688.
More in Skysea Client View
View allOrigin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (
Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. Rated high sev
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an att
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unaut
Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.5)
Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prio
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23793