CVE-2025-46355: Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows...

7.3 CVSS

Description

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.

Classification

CVE ID: CVE-2025-46355

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem Types

Incorrect default permissions

Affected Products

Vendor: Keiyo System Co., LTD

Product: PC Time Tracer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.88% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46355
https://www.keiyo-system.co.jp/archives/11305
https://jvn.jp/en/jp/JVN05562338/

Timeline

2025-06-03 09:40:17 UTC
CVE

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows...