CVE-2025-0416

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023.The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
NCSC-FICNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416/