CVE-2025-50675 (CNNVD-202508-703)
中文标题:
Lighthouse data GPMAW 14 安全漏洞
英文标题:
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissio...
漏洞描述
中文描述:
Lighthouse data GPMAW 14是丹麦Lighthouse data公司的一款用于详细分析蛋白质和肽的一级结构的程序。 Lighthouse data GPMAW 14版本存在安全漏洞,该漏洞源于不安全文件权限,可能导致权限提升。
英文描述:
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
CWE类型:
标签:
受影响产品
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-50675 |
2025-11-11 15:23:26 | 2025-11-11 07:40:39 |
| NVD | nvd_CVE-2025-50675 |
2025-11-11 15:00:58 | 2025-11-11 07:48:26 |
| CNNVD | cnnvd_CNNVD-202508-703 |
2025-11-11 15:12:53 | 2025-11-11 08:00:08 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202508-703
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']