Home > Vulnerability Database > CVE-2025-50691

Mend.io Vulnerability Database

CVE-2025-50691

Good to know:

Date: August 21, 2025

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation.

Severity Score

5.3

Related Resources (4)

Url: https://github.com/MCSManager/MCSManager/pull/1596

Url: https://github.com/bddjr/bddjr/discussions/9

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-50691

Url: https://www.mend.io/vulnerability-database/CVE-2025-50691

Severity Score

5.3

Weakness Type (CWE)

Incorrect Privilege Assignment

CWE-266

Top Fix

Upgrade Version

Upgrade to version https://github.com/MCSManager/MCSManager.git - null

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-50691

Good to know:

Date: August 21, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?