{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:28:12.725","vulnerabilities":[{"cve":{"id":"CVE-2025-6241","sourceIdentifier":"cret@cert.org","published":"2025-07-27T01:15:29.690","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary code. This malicious DLL is executed in the context of NT AUTHORITY\\SYSTEM upon service start or restart, due to the Windows default dynamic-link library search order, resulting in local elevation of privileges."},{"lang":"es","value":"LsiAgent.exe, un componente de SysTrack de Lakeside Software, intenta cargar varios archivos DLL que no están presentes en la instalación predeterminada. Si existe un directorio con permisos de escritura en la variable de entorno SYSTEM PATH, el usuario puede escribir en él una DLL maliciosa con código arbitrario. Esta DLL maliciosa se ejecuta en el contexto de NT AUTHORITY\\SYSTEM al iniciar o reiniciar el servicio, debido al orden de búsqueda predeterminado de la librería de vínculos dinámicos de Windows, lo que resulta en una elevación local de privilegios."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}]},"references":[{"url":"https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/10_10_0%20Hotfix%20Agent%20Release%20Notes%20On%20Premises.htm?tocpath=Release%20Notes%7CAgent%7C_____13","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/335798","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}