[Update 27/05/2025] Privilege Escalation in Panloader by Espiral MS Group
Panloader.exe (ProactivaNet component), version 3.15.0.0.
INCIBE has coordinated the publication of a high severity vulnerability affecting the Panloader component by Espiral MS Group, part of ProactivaNet, an IT asset management (ITAM) solution. The vulnerability was discovered by Pablo Arriaga Perez.
This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
- CVE-2025-40672: CVSS v4.0: 8.5 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-732
[Update 27/05/2025]
To mitigate this vulnerability, the vendor recommends changing the permissions on the Panloader installation directory so that the 'Everyone' and 'Authenticated Users' groups can no longer modify the directory, its contents or any of its descendants.
To do so, remove all permissions from both groups and then grant the 'Authenticated Users' group only read, execute and list folder contents permissions.
Customers who require further information or technical support for their application can obtain it through the Proactivanet support portal.
CVE-2025-40672: a privilege escalation vulnerability has been found in the Panloader component v3.15.0.0 by Espiral MS Group. The vulnerability allows any local user to overwrite the file panLoad.exe, which is executed by the SYSTEM user via a scheduled task. An attacker could thereby obtain administrator permissions and perform arbitrary actions, such as accessing sensitive information, executing code as SYSTEM, or causing a denial of service (DoS).
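The following script is an added example, not code from Espiral MS Group or INCIBE. It ties together the two points above: it checks for the escalation path described in CVE-2025-40672 (a scheduled task running as SYSTEM that executes a binary from the Panloader directory while broad groups can write there) and, with -Fix, applies the vendor's recommended ACL change. The default install path and the '*panLoad*' pattern used to locate the scheduled task are assumptions; adjust them to your deployment and run the script from an elevated PowerShell prompt.

```powershell
<#
  Added example (not vendor or INCIBE code). Audits the Panloader installation
  directory for the weak ACLs behind CVE-2025-40672 and, with -Fix, applies the
  vendor mitigation: strip 'Everyone' and 'Authenticated Users', then re-grant
  'Authenticated Users' read, execute and list-contents only.
  ASSUMPTIONS: $Path and the '*panLoad*' task pattern are placeholders.
#>
param(
    [string]$Path = 'C:\Program Files (x86)\Panloader',   # assumed install path
    [switch]$Fix
)

$ErrorActionPreference = 'Stop'

# Groups the vendor says must not be able to modify the directory tree
$broadGroups = @('Everyone', 'NT AUTHORITY\Authenticated Users')

# Any of these rights lets a low-privileged user replace or add files
[System.Security.AccessControl.FileSystemRights]$writeMask =
    'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-WeakAce {
    # Returns Allow ACEs on $Target that grant write-class rights to a broad group
    param([string]$Target)
    (Get-Acl -LiteralPath $Target).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadGroups -contains $_.IdentityReference.Value -and
        ([int]($_.FileSystemRights -band $writeMask)) -ne 0
    }
}

function Find-WeakPermissions {
    # Walks the directory and every descendant (files included) and reports
    # each offending ACE, noting whether it is inherited from a parent folder.
    param([string]$Root)
    $targets = @($Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force |
                            ForEach-Object FullName)
    foreach ($t in $targets) {
        foreach ($ace in Get-WeakAce -Target $t) {
            [pscustomobject]@{
                Path      = $t
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# 1. Confirm the escalation path: a task running as SYSTEM that executes
#    something matching the (assumed) binary name.
$tasks = Get-ScheduledTask | Where-Object {
    $task = $_
    ($task.Actions | Where-Object { $_.Execute -like '*panLoad*' }) -and
    $task.Principal.UserId -in @('SYSTEM', 'S-1-5-18', 'NT AUTHORITY\SYSTEM')
}
foreach ($t in $tasks) {
    $exe = ($t.Actions | Select-Object -First 1).Execute
    Write-Host "Task '$($t.TaskName)' runs as SYSTEM and executes: $exe"
}

# 2. Audit the ACLs on the directory tree.
$findings = @(Find-WeakPermissions -Root $Path)
if ($findings.Count -eq 0) {
    Write-Host "OK: no write access for $($broadGroups -join ', ') under $Path"
} else {
    $findings | Format-Table -AutoSize
}

# 3. Apply the vendor mitigation on request.
if ($Fix -and $findings.Count -gt 0) {
    # Inherited ACEs cannot be removed in place; make them explicit on $Path first
    icacls "$Path" /inheritance:d | Out-Null
    foreach ($g in 'Everyone', 'Authenticated Users') {
        # /T recurses into descendants, /C continues past per-object errors
        icacls "$Path" /remove:g "$g" /T /C | Out-Null
    }
    # Re-grant read + execute (which includes list folder contents) only,
    # inherited by files (OI) and subfolders (CI); /grant:r replaces prior grants
    icacls "$Path" /grant:r 'Authenticated Users:(OI)(CI)RX' | Out-Null

    $after = @(Find-WeakPermissions -Root $Path)
    if ($after.Count -eq 0) { Write-Host "Hardened: $Path" }
    else { Write-Warning "Write access still present on $($after.Count) object(s)"; $after | Format-Table -AutoSize }
}
```

Two caveats when applying this. First, the script only checks the two groups the vendor names; if your audit shows a different broad principal (for example BUILTIN\Users) with write rights, it needs the same treatment. Second, after hardening, confirm with `icacls "$Path"` that SYSTEM and Administrators still hold full control, since the scheduled task must still be able to read and execute the binary.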