Privilege Escalation Vulnerability in HCL DFMPro and Related Products
CVE-2025-59866

3.3LOW

What is CVE-2025-59866?

The HCL DFMPro, DFXAnalytics, and DFXServer installers are affected by an insecure file permissions vulnerability. This flaw allows a logged-in non-administrative user to overwrite or replace executable files with malicious binaries, potentially leading to unauthorized escalation of privileges. Ensuring proper file permissions is essential to mitigate this risk and safeguard system integrity.

Affected Version(s)

DFMPro for CATIA v4.1

DFXAnalytics v3.1

DFXServer v3.1

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.