[Update 27/05/2025] Privilege Escalation in Panloader by Espiral MS Group

Posted date 26/05/2025
Identifier
INCIBE-2025-0265
Importance
4 - High
Affected Resources

Panloader.exe (ProactivaNet component), version 3.15.0.0.

Description

INCIBE has coordinated the publication of a high-severity vulnerability affecting the Panloader component by Espiral MS Group, a solution for IT asset management (ITAM). The vulnerability was discovered by Pablo Arriaga Perez.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40672: CVSS v4.0: 8.5 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-732
Solution
Detail

CVE-2025-40672: a privilege escalation vulnerability has been found in the Panloader component v3.15.0.0 by Espiral MS Group. It allows any user to overwrite the file panLoad.exe, which is executed by the SYSTEM user via a scheduled task. An attacker could thereby obtain administrator permissions and perform any activity, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).
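To check a host for the condition described above, the following PowerShell audit (an added example, not code from INCIBE or Espiral MS Group) lists write-type permissions that broad low-privileged groups hold on panLoad.exe or its folder when a SYSTEM-run scheduled task launches it. It assumes the task action points directly at panLoad.exe with a full path; the function name `Get-WeakAce` and the selection of well-known SIDs are choices made for this example.

```powershell
# Added example: audit a host for the CWE-732 condition in this advisory.
# Assumption: the scheduled task's action points directly at panLoad.exe.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$R = [System.Security.AccessControl.FileSystemRights]
# Rights that allow altering a file, or adding/removing files in a folder.
$Risky = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
               $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
               $R::TakeOwnership)

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Target)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $rules = (Get-Acl -LiteralPath $Target).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only ACEs apply to children, not to the object being checked.
        if ($ace.AccessControlType -eq 'Allow' -and
            -not $ace.PropagationFlags.HasFlag($inheritOnly) -and
            $BroadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $Risky) -ne 0)) {
            [pscustomobject]@{
                Path = $Target; Principal = $BroadSids[$sid]; Rights = $ace.FileSystemRights
            }
        }
    }
}

# Scheduled tasks that run as SYSTEM and launch panLoad.exe.
$tasks = Get-ScheduledTask | Where-Object {
    $_.Principal.UserId -in 'SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18'
}
foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip non-exec actions
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if ((Split-Path -Leaf $exe) -ne 'panLoad.exe') { continue }
        if (-not [IO.Path]::IsPathRooted($exe) -or -not (Test-Path -LiteralPath $exe)) { continue }
        # A writable parent folder is as dangerous as a writable binary.
        $exe, (Split-Path -Parent $exe) | ForEach-Object { Get-WeakAce -Target $_ } |
            Select-Object @{ n = 'Task'; e = { $task.TaskName } }, Path, Principal, Rights
    }
}
```

Any row in the output means a low-privileged principal can modify the binary that SYSTEM will run; no output means none of the listed groups holds those rights on the file or its folder.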
