CVE-2025-34078

Name: CVE-2025-34078
Creator: NVD / NIST
Published: 2025-07-02T20:15:29.827+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.3/10EPSS 0.50%

Last modified Jun 17, 2026

CVE-2025-34078 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. EPSS estimates a 0.50% chance of exploitation in the next 30 days.

Description

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

7.3/10

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.50%

39.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Nsclient	Nsclient\+\+	0.5.2.35

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/nscp_pe.rbExploit, Third Party Advisory
https://vulncheck.com/advisories/nsclient-localtoremote-system-compromiseExploit, Third Party Advisory
https://www.exploit-db.com/exploits/46802Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/48360Exploit, VDB Entry

Timeline

Published: Jul 2, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-34078?

How severe is CVE-2025-34078?

CVE-2025-34078 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.

How do I fix CVE-2025-34078?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-34078?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST