Elevated Permission Vulnerability in Velociraptor Software
CVE-2025-6264

4.7 MEDIUM

Key Information:

Vendor:
Rapid7

CVE Published:
20 June 2025

What is CVE-2025-6264?

Velociraptor, a powerful endpoint monitoring tool, contains a serious flaw that permits users with limited permissions to execute potentially harmful commands. Specifically, the artifact responsible for updating client configuration, Admin.Client.UpdateClientConfig, does not enforce the permission checks that an operation of this kind requires. As a result, users holding the COLLECT_CLIENT permission, which is typically granted to the Investigator role, can use the artifact to execute arbitrary commands and potentially take control of affected endpoints. To mitigate this risk, administrators should ensure that only authorized personnel are able to collect and manage such artifacts, thereby safeguarding sensitive operations within their environment.

Affected Version(s)

Velociraptor (Windows): all versions prior to 0.74.3 (0 ≤ version < 0.74.3)

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

We thank Christian Fünfhaus from Deutsche Bahn CSIRT for identifying and reporting this issue.