CVE-2023-37250

HIGH

Unity Parsec < 9.0 - Privilege Escalation via TOCTOU Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-37250. PoCs published by ewilded.

AI-analyzed exploit summary This is a functional Proof of Concept (PoC) for CVE-2023-37250, a TOCTOU (Time-of-Check Time-of-Use) DLL hijacking vulnerability in Parsec.app, allowing local privilege escalation (LPE) by manipulating oplocks and environmental variables to trick the service into loading a malicious DLL.

Description

Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.

Exploits (1)

nomisec WORKING POC 2 stars

by ewilded · poc

https://github.com/ewilded/CVE-2023-37250-POC

View Code ZIP pw:eip

This is a functional Proof of Concept (PoC) for CVE-2023-37250, a TOCTOU (Time-of-Check Time-of-Use) DLL hijacking vulnerability in Parsec.app, allowing local privilege escalation (LPE) by manipulating oplocks and environmental variables to trick the service into loading a malicious DLL.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Parsec.app version 150.88.0.0 and earlier

Auth required

Prerequisites: Parsec installed and previously run as the current user · James Forshaw's LPE workshop files (workshop.psd1 and NtObjectManager) · Manual modification of the APPDATA environment variable

MITRE ATT&CK

T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory

https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250

Product

https://unity3d.com

Third Party Advisory, US Government Resource

https://www.kb.cert.org/vuls/id/287122

Scores

CVSS v3 7.0

EPSS 0.0027

EPSS Percentile 19.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-367

Status published

Products (1)

unity/parsec < 9.0

Published Aug 20, 2023

Tracked Since Feb 18, 2026