CVE-2025-34290

HIGH EPSS 0.8%
Published Dec 20, 20256mo ago · Modified Jun 17, 20262w ago
8.5 CVSS 4.0
High
Find Similar
Published Dec 20, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.

CVSS Details

Base Score
8.5
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
0.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-250
CWE-367

References 2

  • security-portal.versa-networks.com https://security-portal.versa-networks.com/emailbulletins/69421e33d03aafc8e5bdaf21
  • vulncheck.com https://www.vulncheck.com/advisories/versa-sase-client-for-windows-arbitrary-file-deletion-leading-to-lpe

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.