Privilege Escalation Vulnerability in HCL DFMPro and Related Products
CVE-2025-59866
3.3LOW
What is CVE-2025-59866?
The HCL DFMPro, DFXAnalytics, and DFXServer installers are affected by an insecure file permissions vulnerability. This flaw allows a logged-in non-administrative user to overwrite or replace executable files with malicious binaries, potentially leading to unauthorized escalation of privileges. Ensuring proper file permissions is essential to mitigate this risk and safeguard system integrity.
Affected Version(s)
DFMPro for CATIA v4.1
DFXAnalytics v3.1
DFXServer v3.1
