Description
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.
Published: 2026-05-08
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in RayVentory Scan Engine permits an attacker who can manipulate the PATH environment variable to gain elevated privileges during a scan operation. When PATH is altered, the engine may resolve and execute binary files from unintended directories, potentially allowing execution of arbitrary code. This flaw is categorized as a privilege escalation through environment variable manipulation and improper path handling (CWE-427). The description explicitly states that privilege escalation is possible if the attacker controls the PATH environment.

Affected Systems

RayVentory Scan Engine versions through 12.6 Update 8 are vulnerable. The issue arises within the scanning component that resolves executables via the PATH variable. No newer releases are listed as affected.

Risk and Exploitability

The CVSS score of 9.8 indicates a severe flaw, but the EPSS score of <1% and the absence from CISA KEV suggest a low likelihood of public exploitation. Exploitation requires the attacker to influence or set the PATH variable in the environment where the scan engine runs, which is a site-specific configuration problem. Therefore, the risk is high only if such a misconfiguration exists; otherwise the threat remains relatively contained. The practical attack vector is local or configuration-based rather than remote, even though the recorded CVSS 3.1 vector (AV:N/AC:L/PR:N) scores it as network-reachable without privileges, and no evidence of widespread external exploitation is present in the current data.

Generated by OpenCVE AI on May 11, 2026 at 23:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Request a vendor patch or upgrade beyond version 12.6 Update 8 when available; ensure the update addresses the PATH handling flaw.
  • Restrict the PATH variable for the scan engine service to trusted directories and run the service under a non-privileged account.
  • Monitor and audit changes to the PATH environment variable and inspect scan engine execution logs for abnormal activity that could indicate exploitation attempts.
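The hardening in the second action, shown as an added Python example that is not RayVentory's code: a launcher that resolves helper binaries only within an allowlisted search path, refuses a hit that sits in a world-writable location, and spawns the child with a pinned PATH instead of the inherited one. TRUSTED_PATH and the "scanhelper" fixture are assumptions constructed for the demo.

```python
import os
import shutil
import stat
import subprocess
import tempfile
from pathlib import Path

# Allowlist searched for helpers (an assumption for this example, not a
# RayVentory setting; a Windows build would list e.g. System32 instead).
TRUSTED_PATH = ("/usr/sbin", "/usr/bin", "/sbin", "/bin")


def resolve_trusted(name: str, trusted=TRUSTED_PATH) -> str:
    """Find `name` only under `trusted`, ignoring the caller's PATH, and refuse
    a hit in a world-writable file or directory (CWE-427 condition)."""
    if os.sep in name:
        raise ValueError("helper must be a bare name, not a path")
    found = shutil.which(name, path=os.pathsep.join(trusted))
    if found is None:
        raise FileNotFoundError(f"{name} not found in trusted directories")
    real = Path(found).resolve()          # follow symlinks before checking
    if str(real.parent) not in trusted:
        raise PermissionError(f"{found} resolves outside trusted dirs")
    for p in (real, real.parent):
        if p.stat().st_mode & stat.S_IWOTH:
            raise PermissionError(f"{p} is world-writable")
    return str(real)


def run_helper(name: str, *args: str) -> subprocess.CompletedProcess:
    """Launch a helper by its vetted absolute path with a pinned PATH and no
    other inherited variables that could redirect the loader or shell."""
    env = {"PATH": os.pathsep.join(TRUSTED_PATH)}
    return subprocess.run([resolve_trusted(name), *args], env=env,
                          capture_output=True, text=True)


def demo_rejects_world_writable() -> bool:
    """Constructed scenario: a 'scanhelper' planted in a world-writable
    directory that an attacker could add to PATH. True if it is refused."""
    tmp = Path(tempfile.mkdtemp()).resolve()
    tmp.chmod(0o777)
    fake = tmp / "scanhelper"
    fake.write_text("#!/bin/sh\necho untrusted\n")
    fake.chmod(0o755)
    try:
        resolve_trusted("scanhelper", trusted=(str(tmp),))
        return False
    except PermissionError:
        return True
```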



Advisories

No advisories yet.

History

Type: values removed / values added

Wed, 13 May 2026 11:00:00 +0000
  First Time appeared: Raynet; Raynet rayventory Scan Engine
  Vendors & Products: Raynet; Raynet rayventory Scan Engine

Tue, 12 May 2026 00:00:00 +0000
  Title: Privilege Escalation via PATH Variable Manipulation in RayVentory Scan Engine

Mon, 11 May 2026 22:45:00 +0000
  Title: Privilege Escalation via PATH Environment Variable Exposure in RayVentory Scan Engine
  Weaknesses: CWE-730

Mon, 11 May 2026 19:15:00 +0000
  Weaknesses: CWE-427
  Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
           ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 07:45:00 +0000
  Title: Privilege Escalation via PATH Environment Variable Exposure in RayVentory Scan Engine
  Weaknesses: CWE-730

Fri, 08 May 2026 06:30:00 +0000
  Description: RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.
  References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-11T19:07:17.525Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69599

Vulnrichment

Updated: 2026-05-11T18:58:37.115Z

NVD

Status: Awaiting Analysis

Published: 2026-05-08T07:16:28.617

Modified: 2026-05-11T20:25:41.117

Link: CVE-2025-69599

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:51:47Z

Weaknesses
  • CWE-427: Uncontrolled Search Path Element