CVE-2025-0712

APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer

Description

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

INFO

Published Date :

2025-07-30T00:12:43.639Z

Last Modified :

2025-07-30T14:06:16.977Z

Source :

elastic

AFFECTED PRODUCTS

The following products are affected by CVE-2025-0712 vulnerability.

Vendors	Products
Elastic	Apm Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0712.

URL	Resource
https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact