CVE-2025-43917

Published Apr 19, 2025

Last updated 2 months ago

CVSS high 8.2

Overview

Description
In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as root.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.2
Impact score
6
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-863

Social media

Hype score
Not currently trending

  1. CVE-2025-43917 In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administr… https://t.co/tWE5n1htim

    @CVEnew

    19 Apr 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.