CVE-2025-43715

High CVSS: 8.1

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.

Vendor

Product

CWE

CWE-754

Yayın Tarihi

2025-04-17 03:15:16

Güncelleme

2025-04-17 20:21:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-754 HIGH 2025

Referanslar

https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl https://sourceforge.net/p/nsis/bugs/1315/