CVE-2025-50675

HIGH EPSS 10.9%

Published Aug 7, 202510mo ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Aug 7, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

10.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-732

References 2

github.com https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main
gpmaw.com https://www.gpmaw.com/html/downloads.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.