CVE-2022-25943

HIGH

Kingsoft WPS Office < 11.2.0.10258 - Incorrect Default Permissions

Description

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed.

Exploits (2)

nomisec WORKING POC 58 stars
by HadiMed · poc
https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE

nomisec WORKING POC 6 stars
by webraybtl · poc
https://github.com/webraybtl/CVE-2022-25943

References (3)

Core References
Product x_refsource_confirm
https://www.wps.com/whatsnew/pc/20210806/
Third Party Advisory third-party-advisory x_refsource_jvn
https://jvn.jp/en/vu/JVNVU90673830/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE

Scores

CVSS v3 7.8
EPSS 0.0986
EPSS Percentile 93.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-276
Status published
Products (1)
kingsoft/wps_office < 11.2.0.10258
Published Mar 09, 2022
Tracked Since Feb 18, 2026