MEDIUM🇬🇧 English

CVE-2025-5317

CVSS 6.8v4.0pub. 2025-11-11upd. 2025-12-08

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Bitdefender Endpoint Security

    APP
    Bitdefender
    < 7.20.52.200087
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-2223HIGH8.1ten sam produkt

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to c...

CVE-2024-2224HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServ...

CVE-2020-8097HIGH8.1ten sam produkt

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender En...

CVE-2020-8108HIGH8.2ten sam produkt

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process ...

CVE-2025-1987CRITICAL9.3PL ✓ten sam vendor

Stored XSS w Psono Client / Bitdefender SecurePass via złośliwe URL w magazynie haseł

CVE-2025-5317 — MEDIUM 6.8 | CVEbaza.pl