CVE-2025-0884
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager.
The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation.
This issue affects Service Manager: 9.70, 9.71, 9.72.
https://nvd.nist.gov/vuln/detail/CVE-2025-0884
Categories
CWE-428 : Unquoted Search Path or Element
If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:Program.exe" to be run by a privileged program making use of WinExec.
References
AFFECTED (from MITRE)
| Vendor |
Product |
Versions |
| OpenText⢠|
Service Manager |
- 9.70 [affected]
- 9.71 [affected]
- 9.72 [affected]
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
