Vulnerability DatabaseCVE-2025-43715
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-43715
April 17, 2025
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.
Affected Packages
https://github.com/kichik/nsis.git (GITHUB):
Affected version(s) >=v20 <v311
Fix Suggestion:
Update to version v311
Related Resources (2)
https://sourceforge.net/p/nsis/bugs/1315/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Check for Unusual or Exceptional Conditions
CWE-754
EPSS
Base Score:
0.12