EUVD-2025-9126

ID: EUVD-2025-9126

Severity: high

CVSS v4: 8.9 (CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

Timestamps

Normalized: 2025-12-31T11:32:28Z UTC
Last updated: 2025-12-31T11:30:50Z UTC

References

No references provided.

VulnAI

EUVD-2025-9126

Description

Timestamps

References