Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
CVE-2023-25648

7.8HIGH

Key Information:

Vendor: ZTE
Status: ZXCLOUD iRAI
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-25648?

A weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product allows attackers with standard user rights to craft a malicious DLL. This vulnerability permits unauthorized command execution and potential escalation of local privileges, posing a risk to system integrity. Users are urged to apply safeguards to mitigate these security concerns.

Affected Version(s)

ZXCLOUD iRAI Windows All versions up to V7.23.20

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Feb 9, 2023