CVE-2025-50675

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main
https://www.gpmaw.com/html/downloads.html
https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-07 19:15

Updated : 2025-08-08 15:15

NVD link : CVE-2025-50675

Mitre link : CVE-2025-50675

CVE.ORG link : CVE-2025-50675

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-50675", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-08-07T19:15:28.597", "references": [{"url": "https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main", "source": "cve@mitre.org"}, {"url": "https://www.gpmaw.com/html/downloads.html", "source": "cve@mitre.org"}, {"url": "https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation."}, {"lang": "es", "value": "GPMAW 14, un software bioinform\u00e1tico, presenta una vulnerabilidad cr\u00edtica relacionada con permisos de archivo inseguros en su directorio de instalaci\u00f3n. El directorio es accesible con permisos completos de lectura, escritura y ejecuci\u00f3n para todos los usuarios, lo que permite a usuarios sin privilegios manipular archivos dentro del directorio, incluyendo archivos ejecutables como GPMAW3.exe, Fragment.exe y el desinstalador GPsetup64_17028.exe. Un atacante con acceso de usuario puede aprovechar esta configuraci\u00f3n incorrecta reemplazando o modificando el desinstalador (GPsetup64_17028.exe) con una versi\u00f3n maliciosa. Si bien la aplicaci\u00f3n se ejecuta en el contexto del usuario, el desinstalador generalmente se ejecuta con privilegios administrativos cuando un administrador intenta desinstalar el software. Al explotar esta vulnerabilidad, un atacante podr\u00eda obtener privilegios administrativos y ejecutar c\u00f3digo arbitrario en el contexto del administrador, lo que resulta en una escalada de privilegios."}], "lastModified": "2025-08-08T15:15:28.420", "sourceIdentifier": "cve@mitre.org"}