{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-47809", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-16T13:36:00.498Z", "dateReserved": "2025-05-10T00:00:00.000Z", "datePublished": "2025-05-16T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CodeMeter", "vendor": "Wibu", "versions": [{"lessThan": "8.30a", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-272", "description": "CWE-272 Least Privilege Violation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-16T00:18:40.444Z"}, "references": [{"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.30a"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T13:35:54.604112Z", "id": "CVE-2025-47809", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:36:00.498Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-16T13:35:54.604112Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:35:57.872Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Wibu", "product": "CodeMeter", "versions": [{"status": "affected", "version": "0", "lessThan": "8.30a", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-272", "description": "CWE-272 Least Privilege Violation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.30a"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-16T00:18:40.444Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47809", "state": "PUBLISHED", "dateUpdated": "2025-05-16T13:36:00.498Z", "dateReserved": "2025-05-10T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-05-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."}, {"lang": "es", "value": "Las versiones anteriores a la versi\u00f3n 8.30a de Wibu CodeMeter a veces permiten la escalada de privilegios inmediatamente despu\u00e9s de la instalaci\u00f3n (antes de cerrar sesi\u00f3n o reiniciar). Para que esto ocurra, debe haber una instalaci\u00f3n sin privilegios con Control de cuentas de usuario (UAC), y el componente CodeMeter Control Center debe estar instalado y no debe haberse reiniciado. En este caso, el usuario local puede acceder desde Importar licencia a una instancia privilegiada del Explorador de Windows."}], "id": "CVE-2025-47809", "lastModified": "2025-05-16T14:42:18.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-05-16T01:15:51.827", "references": [{"source": "cve@mitre.org", "url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-272"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"created": "2025-06-24T09:44:18.733307+00:00", "updated": "2025-06-24T09:44:18.733357+00:00", "vendors": ["wibu", "wibu$PRODUCT$codemeter"]}