Vulnerability Description
Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospectiv
- https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospectiv
- https://www.advancedinstaller.com/release-22.6.html
FAQ
What is CVE-2025-47422?
CVE-2025-47422 is a vulnerability with a CVSS score of 7.5 (HIGH). Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-...
How severe is CVE-2025-47422?
CVE-2025-47422 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-47422?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.