Description

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary code. This malicious DLL is executed in the context of NT AUTHORITY\SYSTEM upon service start or restart, due to the Windows default dynamic-link library search order, resulting in local elevation of privileges.

INFO

Published Date :

2025-07-27T00:46:41.118Z

Last Modified :

2025-11-03T20:06:53.132Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6241 vulnerability.

Vendors Products
Lakeside Software
  • Systrack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6241.

URL Resource
https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/10_10_0%20Hotfix%20Agent%20Release%20Notes%20On%20Premises.htm?tocpath=Release%20Notes%7CAgent%7C_____13 cve-icon cve-icon
https://www.kb.cert.org/vuls/id/335798 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact