PT-2025-52520 · Aspemail+1 · Aspemail+1
Zer0Fault #
·
Published
2025-12-19
·
Updated
2025-12-20
·
CVE-2023-53949
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AspEmail version 5.6.0.2
Description
The software contains a binary permission issue that allows local users to gain higher system access. An attacker can replace the service executable within the BIN directory, due to full write permissions, to achieve this. The vulnerable service is the Persits Software EmailAgent service.
Recommendations
Restrict write permissions in the BIN directory.
Replace the service executable with a secure version.
Exploit
Fix
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aspemail
Emailagent