Privilege Escalation Vulnerability in Wondershare Dr.Fone Software
CVE-2025-0834

7.8HIGH

Key Information:

Vendor: Wondershare
Status: Dr.fone
Vendor: CVE Published:; 30 January 2025

Summary

A vulnerability has been identified in Wondershare Dr.Fone version 13.5.21, allowing attackers to escalate privileges by substituting the legitimate binary located at ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious alternative. This exploit enables the malicious binary to execute with SYSTEM privileges, potentially compromising system integrity and allowing unauthorized actions that could affect user data and security.

Affected Version(s)

Dr.Fone 13.5.21

References

https://www.incibe.es/en/incibe-cert/notices/aviso/wonder...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 29, 2025

Credit

Enrique Fernández Lorenzo (bighound)