
We found results for “”
CVE-2025-0712
Good to know:

Date: July 29, 2025
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.
Severity Score
Severity Score
Weakness Type (CWE)
Uncontrolled Search Path Element
CWE-427Top Fix

Upgrade Version
Upgrade to version https://github.com/elastic/apm-server.git - v8.16.3;https://github.com/elastic/apm-server.git - v8.17.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |