CVE-2025-1067

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-732
View all →

Vulnerability Description

There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the file could execute and run malicious commands under the context of the victim. This issue is addressed in ArcGIS Pro 3.3.3 and 3.4.1.

Related Vulnerabilities

CVE-2018-0422

HIGH
CVSS:7.3(High)

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device w...

CWE-7322018

CVE-2018-12335

HIGH
CVSS:7.3(High)

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestric...

CWE-7322018

CVE-2018-18098

HIGH
CVSS:7.3(High)

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

CWE-7322018

CVE-2018-19113

HIGH
CVSS:7.3(High)

The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronesto...

CWE-7322018

CVE-2019-12876

HIGH
CVSS:7.3(High)

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

CWE-7322019

CVE-2019-13208

HIGH
CVSS:7.3(High)

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1....

CWE-7322019