Privilege Escalation Vulnerability in Nullsoft Scriptable Install System by Nullsoft
CVE-2025-43715

8.1HIGH

Key Information:

Vendor: Nullsoft
Status: Nullsoft Scriptable Install System
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-43715?

A vulnerability in the Nullsoft Scriptable Install System (NSIS) allows local users on Windows to escalate their privileges to SYSTEM during installation processes. This occurs due to a race condition in the management of the temporary plugins directory, which is improperly created under %WINDIR%\temp. Unprivileged users may exploit this by adding a malicious executable. The underlying issue arises as the EW_CREATEDIR command does not consistently trigger the CreateRestrictedDirectory error flag, leading to potential unauthorized access.

Affected Version(s)

Nullsoft Scriptable Install System 0 < 3.11

References

https://sourceforge.net/p/nsis/bugs/1315/

https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 17, 2025