Error type:
CWE-269:Improper Privilege Management
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 7.0 (High)
Description:
The vulnerability was identified in Pritunl, version 1.3.4099.99.
The discovered vulnerability allows an attacker to escalate privileges from a normal user to root.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 03.04.2025
Recommendations:
- Update to version 1.3.4220.57 or higher
Additional information: Security advisory, PT SWARM article
Researcher: Egor Filatov (Positive Technologies)
Identifiers:
CVE-2025-43917
BDU:2025-08463
Vendor:
Pritunl, Inc
Vulnerable product:
Pritunl
Vulnerable versions:
1.3.4099.99