Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-58323

Summary
Assigner-naver
Assigner Org ID-f9629fae-ca2e-4fbf-9785-3ed86476aef6
Published At-29 Aug, 2025 | 01:41
Updated At-29 Aug, 2025 | 17:10
Rejected At-
Credits

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:naver
Assigner Org ID:f9629fae-ca2e-4fbf-9785-3ed86476aef6
Published At:29 Aug, 2025 | 01:41
Updated At:29 Aug, 2025 | 17:10
Rejected At:
▼CVE Numbering Authority (CNA)

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.

Affected Products
Vendor
NAVER
Product
NAVER MYBOX Explorer
Default Status
affected
Versions
Unaffected
  • 3.0.8.133
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266 Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266 Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Minwoo Jeong of KAIST Hacking Lab (@p1nkjelly)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cve.naver.com/detail/cve-2025-58323.html
vendor-advisory
Hyperlink: https://cve.naver.com/detail/cve-2025-58323.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@navercorp.com
Published At:29 Aug, 2025 | 03:15
Updated At:29 Aug, 2025 | 17:15

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-266Secondarycve@navercorp.com
CWE ID: CWE-266
Type: Secondary
Source: cve@navercorp.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cve.naver.com/detail/cve-2025-58323.htmlcve@navercorp.com
N/A
Hyperlink: https://cve.naver.com/detail/cve-2025-58323.html
Source: cve@navercorp.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-58322
Matching Score-6
Assigner-Naver Corporation
ShareView Details
Matching Score-6
Assigner-Naver Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 08:02
Updated-29 Aug, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.

Action-Not Available
Vendor-NAVER
Product-NAVER MYBOX Explorer
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-34738
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.7||HIGH
EPSS-0.01% / 2.09%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-266
Incorrect Privilege Assignment
Details not found