Local Privilege Escalation in SysTrack from Lakeside Software
CVE-2025-6241

4.4MEDIUM

Key Information:

Vendor: Lakeside Software
Status: Systrack
Vendor: CVE Published:; 27 July 2025

🔔 Create Lakeside Software Vulnerability Alert

What is CVE-2025-6241?

A vulnerability exists in the LsiAgent.exe component of SysTrack from Lakeside Software, where it attempts to load DLL files that are not part of the default installation. If a writable directory is included in the SYSTEM PATH environment variable, an attacker with local access can place a malicious DLL in that directory. This DLL will execute with elevated privileges, specifically under the NT AUTHORITY\SYSTEM context, when the service is started or restarted, leading to a significant security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SysTrack 10.05.0027 < 10.10.0.42

References

https://documentation.lakesidesoftware.com/en/Content/Rel...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2025

JSON

Lakeside Software