CVE-2025-40672: Privilege Escalation in ProactivaNet

8.5 CVSS

Description

A privilege escalation vulnerability has been found in ProactivaNet v3.24.0.0 from Grupo Espiral MS. This vulnerability allows any user to overwrite the file panLoad.exe, which is executed by the SYSTEM user via a scheduled task.
This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).
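
One way to check a host for the permission problem described above (an added example, not code from the advisory or the vendor): the PowerShell script below lists Allow ACEs that grant write-type rights on a file and on its parent folder to principals other than SYSTEM, Administrators and TrustedInstaller. The `-Path` argument is an assumption: the advisory does not state where panLoad.exe is installed, so supply the location on your own system.

```powershell
# Added example (not vendor code): list non-administrative principals that can
# modify a binary run by a SYSTEM scheduled task, or the folder that holds it.
param(
    # Full path to panLoad.exe on this host (not given in the advisory).
    [Parameter(Mandatory)][string]$Path
)

# Principals expected to hold write access:
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow replacing the file, changing its content, or changing its ACL.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
# Also match ACEs stored as GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000).
$mask = [int]$rights -bor 0x50000000

function Get-WeakAce {
    param([string]$Target)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Target
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Target    = $Target
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Write access to the parent folder is checked too, since it also allows
# the file to be replaced.
$findings = @(Get-WeakAce $Path) + @(Get-WeakAce (Split-Path -Parent $Path))
if ($findings) { $findings | Format-Table -AutoSize }
else { "No write access for non-administrative principals on $Path" }
```

Any row whose SID resolves to a broad group such as Users (S-1-5-32-545), Authenticated Users (S-1-5-11) or Everyone (S-1-1-0) matches the CWE-732 condition this advisory describes.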

Classification

CVE ID: CVE-2025-40672

CVSS Base Severity: HIGH

CVSS Base Score: 8.5

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-732 Incorrect Permission Assignment for Critical Resource

Affected Products

Vendor: Grupo Espiral MS

Product: ProactivaNet

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.13% (share of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-06-08 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40672
https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group

Timeline