Vulnerability Description
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kingsoft | Wps Office | < 11.2.0.10258 |
Related Weaknesses (CWE)
References
- https://github.com/HadiMed/KINGSOFT-WPS-Office-LPEExploitThird Party Advisory
- https://jvn.jp/en/vu/JVNVU90673830/Third Party Advisory
- https://www.wps.com/whatsnew/pc/20210806/Product
- https://github.com/HadiMed/KINGSOFT-WPS-Office-LPEExploitThird Party Advisory
- https://jvn.jp/en/vu/JVNVU90673830/Third Party Advisory
- https://www.wps.com/whatsnew/pc/20210806/Product
FAQ
What is CVE-2022-25943?
CVE-2022-25943 is a vulnerability with a CVSS score of 7.8 (HIGH). The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
How severe is CVE-2022-25943?
CVE-2022-25943 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25943?
Check the references section above for vendor advisories and patch information. Affected products include: Kingsoft Wps Office.