Vulnerabilities in G DATA Software: CVE-2025-0542 and CVE-2025-0543

In January 2025, two significant vulnerabilities were identified in G DATA software products, specifically affecting the G DATA Security Client and G DATA Management Server. Both vulnerabilities are classified as local privilege escalation issues, allowing unprivileged attackers to gain higher-level access within the system. (Jan 25, 2025)

CVE-2025-0543: Local Privilege Escalation in G DATA Security Client

Description: CVE-2025-0543 is a vulnerability that arises from incorrect privilege assignments to directories within the G DATA Security Client. This flaw enables a local, unprivileged attacker to escalate privileges by placing an arbitrary executable file in a globally writable directory. The executable can then be executed by the "SetupSVC.exe" service running in the context of the SYSTEM account, potentially allowing the attacker to perform unauthorized actions at a high privilege level.

Impact: The CVSS score for this vulnerability is 8.5, indicating a high severity level. Attackers exploiting this vulnerability could compromise the integrity and confidentiality of the system, leading to potential data breaches or unauthorized access to sensitive information.

Sample Scenario:
  1. An attacker with local access to a machine running G DATA Security Client identifies a globally writable directory (e.g., C:\ProgramData\GDATA\Temp).
  2. The attacker creates a malicious executable file and places it in this directory.
  3. When the SetupSVC.exe service is triggered (for instance, during an update), it executes the malicious file with SYSTEM privileges.
  4. The attacker gains full control over the system, allowing them to manipulate files, install additional malware, or exfiltrate sensitive data.

CVE-2025-0542: Local Privilege Escalation in G DATA Management Server

Description: CVE-2025-0542 involves incorrect privilege assignments related to temporary files created during the update mechanism of the G DATA Management Server. Similar to CVE-2025-0543, this vulnerability allows an unprivileged local attacker to escalate privileges by placing a crafted ZIP archive in a globally writable directory. When unpacked by the server process running as SYSTEM, this can lead to arbitrary file writes and further exploitation.

Impact: This vulnerability has a CVSS score of 7.3, also categorized as high severity. Exploiting this flaw could allow attackers to overwrite critical files or inject malicious code into the server environment.

Sample Scenario:
  1. An attacker with local access identifies a writable directory used by G DATA Management Server for updates.
  2. The attacker uploads a specially crafted ZIP file containing malicious scripts or executables.
  3. Upon extraction by the update process running under SYSTEM privileges, these scripts execute without restriction.
  4. The attacker can manipulate server configurations, access sensitive data, or disrupt server operations.

Conclusion

Both CVE-2025-0543 and CVE-2025-0542 highlight critical security vulnerabilities within G DATA's software that could be exploited by local attackers with minimal privileges. Organizations using these products should prioritize applying patches and implementing security measures to mitigate these risks effectively. Regular audits of directory permissions and monitoring for unusual activities can further enhance security posture against such vulnerabilities.
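
One way to run the directory-permission audit mentioned above, as an added example that is not G DATA's code or part of the original post: the PowerShell function below lists directories under a chosen root where broad groups (Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE) hold rights to create files. The function name Find-WritableDirectory and the root path passed to it are assumptions; point it at the directories the product actually uses on your hosts.

```powershell
# Well-known SIDs are matched instead of names so the check works on localized Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that allow creating or appending to files inside a directory.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                   [System.Security.AccessControl.FileSystemRights]::AppendData)
# Generic rights can appear as raw bits in an ACE and do not map to the enum.
$GenericAll   = 0x10000000
$GenericWrite = 0x40000000

function Find-WritableDirectory {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Root)
    $dirs = @(Get-Item -LiteralPath $Root -Force) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($dir.FullName)"; continue }
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
            # Inherit-only ACEs do not apply to this directory; child directories are checked on their own.
            if ($rule.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
            $bits = [int]$rule.FileSystemRights
            if (($bits -band $WriteMask) -or ($bits -band $GenericAll) -or ($bits -band $GenericWrite)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}
# Example call; the path is the illustrative one from the scenario above, not a confirmed product path:
# Find-WritableDirectory -Root 'C:\ProgramData\GDATA\Temp' | Format-Table -AutoSize
```

Deny ACEs are not evaluated, so treat each result as a candidate to review rather than a confirmed finding.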


Crow

physics, information technologies, author, educator
