CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon launch by another user or elevated context.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/meisterlos/BenimPOS-POC	Exploit Third Party Advisory
https://github.com/meisterlos/CVE-2025-57392	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:benimpos:benimpos:3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-10 18:15

Updated : 2025-09-17 21:22

NVD link : CVE-2025-57392

Mitre link : CVE-2025-57392

CVE.ORG link : CVE-2025-57392

JSON object : View

Products Affected

benimpos

benimpos

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

7.8 /10