Description

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.

INFO

Published Date :

2025-08-07T00:00:00.000Z

Last Modified :

2025-08-08T14:19:04.585Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50675 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50675.

URL Resource
https://github.com/LukeSec/CVE-2025-50675-GPMAW-Permissions/tree/main cve-icon cve-icon cve-icon
https://www.gpmaw.com/html/downloads.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact