PT-2025-8961 · Unknown · Velociraptor
Darragh Oreilly
·
Published
2025-02-27
·
Updated
2025-02-28
·
CVE-2025-0914
CVSS v3.1
3.8
Low
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Velociraptor versions prior to 0.73.4
Description
The issue is related to improper access control in the VQL shell feature, allowing authenticated users to execute the
execve() plugin even when it is explicitly forbidden by the prevent execve flag in the configuration file. This setting is not commonly used, so the issue will only affect users who have set it.Recommendations
For versions prior to 0.73.4, update to release 0.73.4 to resolve the issue.
Fix
LPE
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Velociraptor