Local Privilege Escalation Vulnerability in Action1 from Action1 Software
CVE-2025-5480

7.8HIGH

Key Information:

Vendor: Action1
Status: Action1
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-5480?

The vulnerability in Action1 arises from an inaccurate search path configuration for OpenSSL, allowing local attackers to escalate their privileges. By exploiting this flaw, an attacker with low-privileged access can manipulate the unsecured loading of an OpenSSL configuration file. This could lead to arbitrary code execution with SYSTEM privileges, enabling unauthorized control over the affected system. Proper security practices and updates can mitigate this vulnerability.

Affected Version(s)

Action1 5.216.617.1

References

https://www.zerodayinitiative.com/advisories/ZDI-25-323/

x_research-advisory

https://www.action1.com/blog/acknowledging-zdi-can-26767-...

vendor-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 2, 2025