CVE-2025-43715: Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation,...

8.1 CVSS

Description

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

Classification

CVE ID: CVE-2025-43715

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Affected Products

Vendor: Nullsoft

Product: Nullsoft Scriptable Install System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.39% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43715
https://sourceforge.net/p/nsis/bugs/1315/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl

Timeline

2025-04-17 03:40:18 UTC
CVE

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation,...