CRITICAL🇵🇱 Wersja polska

CVE-2025-52095

CVSS 9.8v3.1pub. 2025-08-22upd. 2026-01-27

An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll

🤖 AI Analysis
How it works

The SDCommon.dll library included in PDQ Smart Deploy implements authentication data encryption procedures in a manner vulnerable to attack — according to the description and reference title suggesting the use of static cryptographic keys. An attacker can exploit weaknesses in these procedures to obtain or decrypt stored authentication data. Data obtained this way allows for privilege escalation in the system or environment managed by Smart Deploy.

Impact

An attacker can obtain higher privileges in the system, potentially taking control of the environment managed by PDQ Smart Deploy. The consequence of a successful attack is a breach of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the vendor according to the references — details available at https://www.pdq.com/products/smartdeploy/. It is also recommended to review stored authentication data and rotate passwords for accounts used in the Smart Deploy environment.

Who is affected

PDQ Smart Deploy version V.3.0.2040

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pdq Smart Deploy

    APP
    Pdq
    < 3.0.2046
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-52094HIGH7.8ten sam produkt

Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary...