CVE-2025-24482

high

Description

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-04

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1720.html

Details

Source: Mitre, NVD

Published: 2025-01-28

Updated: 2025-01-28

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 7

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N