CVE-2025-0425

Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...

CVE-2025-0425

Cordaware bestinformed Infoclient is vulnerable to local privilege escalation: a low-privileged user can change the server address to a malicious or spoofed server, enabling elevation to nt authority\system on Windows. This relies on default GUI permissions and can be mitigated by deploying a cus...