CVE-2025-3886

Severity CVSS v4.0:

MEDIUM

Type:

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Publication date:

27/04/2025

Last modified:

29/04/2025

Description

An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Green CVSS v4.0 Severity and Metrics:

Base Score: 5.70 MEDIUM
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Green

Attack Vector (AV): Local
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Automatable (AU): Yes
Recovery (R): User
Vulnerability Response Effort (RE): Low
Provider Urgency (U): Green

Base Score 4.0

5.70

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://support.catonetworks.com/hc/en-us/articles/26903049677597-Security-Vulnerability-CVE-2025-3886-that-Impacts-macOS-Client-Versions-Lower-than-5-8