Impact
An insecure permissions configuration in the MSI NBFoundation Service version 2.0.2506.1201 enables a remote attacker by interacting with the MSIAPService.exe component. The issue is a CWE-200 (information exposure) weakness, allowing unauthorized reads of protected data, thereby exposing confidential information.
Affected Systems
MSI NBFoundation Service version 2.0.2506.1201 is affected. The issue centers on the MSIAPService.exe executable, whose filesystem permissions permit exposure of sensitive data to unauthorized users.
Risk and Exploitability
The CVSS score is 7.5, the EPSS score is <1%, and it is not listed in the CISA KEV catalog, so the risk assessment relies on these metrics. The lack of proper permissions grants remote attackers the ability to read protected information, which could facilitate broader compromise if additional data or credentials are revealed. The likely attack vector is remote, as the description refers to a "remote attacker," but the exact method of exploitation is unspecified beyond access to the MSIAPService.exe component.
OpenCVE Enrichment