CVE-2025-0425

Name of the Vulnerable Software and Affected Versions bestinformed Infoclient (affected versions not specified)

Description A low-privileged user can change the server address of the bestinformed Server to which the bestinformed Infoclient connects, allowing them to escalate their privileges by abusing certain features of the bestinformed Web server. These features include pushing malicious update packages and arbitrary registry read as nt authoritysystem. An attacker can escalate their privileges to nt authoritysystem on the Windows client running the bestinformed Infoclient. This attack is not possible if a custom configuration (Infoclient.ini) containing the flags ShowOnTaskbar=false or DisabledItems=stPort,stAddress is deployed.

Recommendations For bestinformed Infoclient, consider implementing a custom configuration (Infoclient.ini) with the flags ShowOnTaskbar=false or DisabledItems=stPort,stAddress to prevent the server address from being changed. As a temporary workaround, restrict access to the bestinformed Infoclient GUI to minimize the risk of exploitation. Avoid using the default server address configuration until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.