CVE-2025-2782 - Vulnerability Details - OpenCVE

The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005

History

Mon, 31 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 28 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.
Title		WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
Weaknesses		CWE-276
References		https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published: 2025-03-28T22:24:47.152Z

Updated: 2025-03-31T13:24:07.246Z

Reserved: 2025-03-25T00:16:35.756Z

Link: CVE-2025-2782

Vulnrichment

Updated: 2025-03-31T13:24:04.061Z

NVD

Status : Awaiting Analysis

Published: 2025-03-28T23:15:18.310

Modified: 2025-04-01T20:26:30.593

Link: CVE-2025-2782

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2782", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "state": "PUBLISHED", "assignerShortName": "WatchGuard", "dateReserved": "2025-03-25T00:16:35.756Z", "datePublished": "2025-03-28T22:24:47.152Z", "dateUpdated": "2025-03-31T13:24:07.246Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Terminal Services Agent", "vendor": "WatchGuard", "versions": [{"lessThanOrEqual": "12.10", "status": "affected", "version": "12.0", "versionType": "semver"}]}], "datePublic": "2025-03-27T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.</div></div><p>This issue affects Terminal Services Agent: from 12.0 through 12.10.</p>"}], "value": "The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Terminal Services Agent: from 12.0 through 12.10."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2025-03-28T22:24:47.152Z"}, "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005"}], "source": {"advisory": "WGSA-2025-00005", "defect": ["FBX-27511"], "discovery": "UNKNOWN"}, "title": "WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T13:23:57.984188Z", "id": "CVE-2025-2782", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T13:24:07.246Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2782", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-31T13:23:57.984188Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T13:24:04.061Z"}}], "cna": {"title": "WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory", "source": {"defect": ["FBX-27511"], "advisory": "WGSA-2025-00005", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WatchGuard", "product": "Terminal Services Agent", "versions": [{"status": "affected", "version": "12.0", "versionType": "semver", "lessThanOrEqual": "12.10"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2025-03-27T17:00:00.000Z", "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Terminal Services Agent: from 12.0 through 12.10.", "supportingMedia": [{"type": "text/html", "value": "<div><div>The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.</div></div><p>This issue affects Terminal Services Agent: from 12.0 through 12.10.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2025-03-28T22:24:47.152Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2782", "state": "PUBLISHED", "dateUpdated": "2025-03-31T13:24:07.246Z", "dateReserved": "2025-03-25T00:16:35.756Z", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "datePublished": "2025-03-28T22:24:47.152Z", "assignerShortName": "WatchGuard"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Terminal Services Agent: from 12.0 through 12.10."}, {"lang": "es", "value": "WatchGuard Terminal Services Agent en Windows no configura correctamente los permisos de directorio al instalarse en un directorio no predeterminado. Esto podr\u00eda permitir que un atacante local autenticado obtenga privilegios de SYSTEM en un sistema vulnerable. Este problema afecta al Agente de Servicios de Terminal Server de las versiones 12.0 a 12.10."}], "id": "CVE-2025-2782", "lastModified": "2025-04-01T20:26:30.593", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}, "published": "2025-03-28T23:15:18.310", "references": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005"}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}