CVE-2022-25372
HIGH
Pritunl-client-electron < 1.2.3019.52a - Improper Privilege Management
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6
Patch, Third Party Advisory x_refsource_misc
https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
58.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
pritunl/pritunl-client-electron
< 1.2.3019.52a
Published
Feb 20, 2022
Tracked Since
Feb 18, 2026