Impact
A vulnerability in FlexNet Manager Suite 2025 R1 allows an authenticated user with only read-only access to account settings to elevate their privileges to Administrator level. The flaw is a classic Improper Access Control (CWE-284) issue, enabling full control over the system and any hosted applications. Once the attacker has administrative rights, they could modify configuration, install malware, exfiltrate data, or disrupt service.
Affected Systems
The product is Flexera’s FlexNet Manager Suite, specifically version 2025 R1. The build runs on Windows platforms, as indicated by the CPE string. No other versions are reported as affected, but any environment deploying FlexNet Manager Suite 2025 R1 should be scrutinized.
Risk and Exploitability
With a CVSS score of 8.7, the vulnerability is high severity. No EPSS score is available, suggesting that public exploitation data is limited or not yet assessed, and the flaw is not listed in CISA’s KEV catalog. The likely attack vector requires an authenticated account with read-only access; an attacker would need to leverage that account to invoke the privilege elevation. Because the attack is local and requires valid credentials, the operational risk is significant in environments where read-only users exist. Elevation to Administrator level gives an attacker potentially full control over the system, risking the confidentiality, integrity, and availability of all data and services managed by FlexNet Manager Suite.