CVE-2025-57392

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BenimPOS Masaustu versions 3.0.x

Description: BenimPOS Masaustu application installation directory grants Everyone and BUILTINUsers groups FILE ALL ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon launch by another user or elevated context.

Recommendations: Restrict file permissions on the application installation directory to prevent unauthorized modification of .exe and .dll files.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2025-57392

Affected Products

Benimpos Masaustu

CVE-2025-57392

Weakness Enumeration

Related Identifiers

Affected Products

References · 5