CVE-2025-47809: Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation,...
Description
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
Classification
CVE ID: CVE-2025-47809
CVSS Base Severity: HIGH
CVSS Base Score: 8.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Problem Types
CWE-272 Least Privilege ViolationAffected Products
Vendor: Wibu
Product: CodeMeter
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 1.72% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-47809https://www.wibu.com/support/security-advisories/wibu-100120.html