CRITICAL🇵🇱 Wersja polska

CVE-2025-46066

CVSS 9.9v3.1pub. 2026-01-12upd. 2026-01-21

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges

🤖 AI Analysis
How it works

The vulnerability classified as CWE-280 (Improper Handling of Insufficient Permissions or Privileges) involves improper handling of permissions by the application. An attacker with an account having a low privilege level can, through the network (without physical access), trigger a privilege escalation mechanism without interaction from another user. The attack vector indicates a change in privilege context beyond the scope of the application itself (Scope: Changed), which may indicate impact on the operating system or other environment components.

Impact

An attacker can gain high privileges in the system, leading to complete loss of confidentiality, integrity, and availability of resources — potentially with the possibility of taking control of the host system or other infrastructure components.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is recommended to contact the manufacturer (automai.com) to obtain information about available updates. Until the patch is implemented, consider restricting network access to the application and applying the principle of least privilege for user accounts.

Who is affected

Automai Director version 25.2.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Automai Director

    APP
    Automai
    25.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-46067HIGH8.2ten sam produkt

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive inf...

CVE-2025-46068HIGH8.8ten sam produkt

An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechan...

CVE-2025-46070CRITICAL9.8PL ✓ten sam vendor

RCE w Automai BotManager poprzez komponent BotManager.exe