PT-2025-30989 · Lakeside · Systrack
Published: 2025-07-27 · Updated: 2025-07-28 · CVE-2025-6241
CVSS v3.1: 4.4 (Medium)
Base vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Lakeside SysTrack versions (affected versions not specified)
Description:
LsiAgent.exe, a component of SysTrack, attempts to load DLL files that are not part of the default installation. If a user-writable directory is included in the SYSTEM PATH environment variable, a user can place a malicious DLL in that directory. This DLL is then executed with NT AUTHORITY\SYSTEM privileges when the service starts or restarts, leading to local privilege escalation.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
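Because the precondition described above is a user-writable directory in the SYSTEM PATH, that condition can be audited directly on affected hosts. The following PowerShell is an added example, not code from Lakeside or from this advisory; the list of trusted SIDs is an assumption to adjust per environment, and the check reads Allow ACEs only (it does not resolve group membership or Deny entries).

```powershell
# Added example: report machine-PATH directories where a principal other than
# SYSTEM, Administrators or TrustedInstaller is allowed to create files.
# Run elevated so every ACL can be read.

# Assumption: these SIDs are the only principals treated as trusted writers.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]
$ntAccount   = [System.Security.Principal.NTAccount]

# Machine-level PATH only: this is what a service running as SYSTEM inherits.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$entries = $machinePath -split ';' | Where-Object { $_.Trim() }

$findings = foreach ($entry in $entries) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))

    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist belongs to whoever can create it.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Issue = 'Directory does not exist' }
        continue
    }

    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $createFiles) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }

        # Resolve the SID to a readable name where possible.
        $name = try { $ace.IdentityReference.Translate($ntAccount).Value } catch { $sid }
        [pscustomobject]@{
            Directory = $dir
            Principal = $name
            Issue     = "Can create files ($($ace.FileSystemRights))"
        }
    }
}

$findings | Sort-Object Directory, Principal | Format-Table -AutoSize -Wrap
```

Any directory reported should either have its ACL tightened or be removed from the machine PATH; an empty result means no directly writable entry was found under the stated assumptions.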
Related Identifiers
CVE-2025-6241
Affected Products
Systrack
References · 7
- https://nvd.nist.gov/vuln/detail/CVE-2025-6241 · Security Note
- https://twitter.com/CVEnew/status/1949309922572992859 · Twitter Post
- https://twitter.com/fridaysecurity/status/1949626801438810182 · Twitter Post
- https://twitter.com/VulmonFeeds/status/1949281847134892440 · Twitter Post
- https://twitter.com/the_yellow_fall/status/1949663129748840501 · Twitter Post
- https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/10_10_0%20Hotfix%20Agent%20Release%20Notes%20On%20Premises.htm?tocpath=Release%20Notes%7CAgent%7C_____13 · Note
- https://t.me/pentestingnews/65240 · Telegram Post