CVE-2023-53949

High CVSS: 8.5

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.

Vendor

Product

CWE

CWE-732

Yayın Tarihi

2025-12-19 21:15:50

Güncelleme

2025-12-23 14:52:09

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-732 HIGH 2025

Referanslar

https://www.aspemail.com https://www.exploit-db.com/exploits/51380 https://www.vulncheck.com/advisories/aspemail-local-privilege-escalation-via-binary-permission-vulnerability