{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T05:55:15.215","vulnerabilities":[{"cve":{"id":"CVE-2025-43715","sourceIdentifier":"cve@mitre.org","published":"2025-04-17T03:15:16.457","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag."},{"lang":"es","value":"Nullsoft Scriptable Install System (NSIS) anterior a la versión 3.11 en Windows permite a los usuarios locales escalar privilegios a SYSTEM durante una instalación, ya que el directorio temporal de complementos se crea en %WINDIR%\\temp y los usuarios sin privilegios pueden colocar un archivo ejecutable manipulado al superar una condición de ejecución. Esto ocurre porque EW_CREATEDIR no siempre activa el indicador de error CreateRestrictedDirectory."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl","source":"cve@mitre.org"},{"url":"https://sourceforge.net/p/nsis/bugs/1315/","source":"cve@mitre.org"}]}}]}