Strix
26.1K

CVE-2025-47809

HIGHCVSS 8.2/10EPSS 0.14%

Last modified

CVE-2025-47809 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.

Metrics

CVSS 3.1
8.2/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.14%

3.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2025-47809?
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
How severe is CVE-2025-47809?
CVE-2025-47809 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.
How do I fix CVE-2025-47809?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-47809?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST