CVE-2025-52095
CRITICALPDQ SmartDeploy < 3.0.2046 - Privilege Escalation via Credential Encryption Routines
Title source: llmDescription
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll
References (3)
Core 3
Core References
Exploit, Third Party Advisory
https://specterops.io/blog/2025/08/12/hklmsystemsetupsmartdeploy-the-static-keys-to-abusing-pdq-smartdeploy/
Product
https://www.pdq.com/
Scores
CVSS v3
9.8
EPSS
0.0032
EPSS Percentile
23.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (1)
pdq/smart_deploy
< 3.0.2046
Published
Aug 22, 2025
Tracked Since
Feb 18, 2026