Description
The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.
References (2)
Core References
Various Sources release-notes
https://www.elby.ch/de/products/vcd.html
Various Sources third-party-advisory, technical-description
https://neodyme.io/de/advisories/cve-2025-1865/
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
3.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
Elaborate Bytes AG/Virtual CloneDrive
< 5.5.2.0
Published
Apr 04, 2025
Tracked Since
Feb 18, 2026