CVE-2025-50691

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MCSManager version 10.5.3

Description: The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized users to read the daemon’s key and potentially log in, leading to privilege escalation.

Recommendations: Ensure the MCSManager daemon process does not run with root privileges. Restrict access to the data directory containing sensitive information to authorized users only.

Fix

LPE

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

CVE-2025-50691

Affected Products

Mcsmanager

CVE-2025-50691

Weakness Enumeration

Related Identifiers

Affected Products

References · 6