WithSecure Repository: Threat Intelligence
Local privilege escalation by file manipulation on N-central windows agent
An incorrect file handling permission vulnerability exists in the N-central Windows Agent and Probe. Under specific conditions, this flaw can allow a local low-privileged user to execute commands with elevated permissions.
The N-central Windows Agent creates a file using Windows default privileges, which permit any user to modify it. This file is subsequently executed by a Windows operating system component without code signing or integrity checks, making it susceptible to race condition-based file manipulation and privilege escalation.
Affected Software:
N-central versions 2025.2.1 and earlier
Resolution:
Upgrade to N-central version 2025.3 or later.
ID: WITH-ZD-2025-0004
Other IDs:
CVE-2025-10231
Application Detailed Category:
management_service
Application Super Category:
local_service
CVSS v3:
CVSS:AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Preconditions Needed For Attacker:
local_user_level_access_required
References:
https://me.n-able.com/s/security-advisory/aArVy0000000jgHKAQ/cve202510231-incorrect-default-permissions-could-lead-to-privilege-escalation
Version:
1.0