CVE-2025-10941
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Topaz SERVCore Teller installer versions 2.14.0-RC2 and 2.14.1. The vulnerability allows attackers with local access to manipulate insecure directory permissions, potentially gaining elevated privileges. Only systems running the affected installer versions are impacted.
💻 Affected Systems
- Topaz SERVCore Teller
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Local user escalates privileges to install malware, modify system configurations, or access restricted data and resources.
If Mitigated
With proper access controls and least privilege principles, impact is limited to the user's own permissions with no privilege escalation.
🎯 Exploit Status
Attack requires local access and manipulation of directory permissions. The vulnerability involves insecure permissions that allow privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest published version (after 2.14.1)
Vendor Advisory: Not provided in CVE details
Restart Required: Yes
Instructions:
1. Uninstall affected versions (2.14.0-RC2/2.14.1).
2. Download latest version from vendor.
3. Install updated version.
4. Restart system to ensure clean state.
🔧 Temporary Workarounds
Remove vulnerable installer
Windows: Uninstall the affected SERVCore Teller versions to eliminate the vulnerable component
Control Panel > Programs > Uninstall a program > Select Topaz SERVCore Teller > Uninstall
Restrict installer directory permissions
Windows: Manually secure directory permissions where SERVCoreTeller_2.0.40D.msi is installed
icacls "C:\Program Files\Topaz\SERVCore Teller" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges on affected systems
- Monitor for unauthorized privilege escalation attempts and file permission changes
🔍 How to Verify
Check if Vulnerable:
Check installed version via Control Panel > Programs > Topaz SERVCore Teller properties, or check for existence of SERVCoreTeller_2.0.40D.msi file
Check Version:
wmic product where name="Topaz SERVCore Teller" get version
Verify Fix Applied:
Verify latest version is installed and SERVCoreTeller_2.0.40D.msi file is no longer present or has been updated
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing unexpected service installation/modification
- Security logs showing privilege escalation attempts
- File system audit logs showing permission changes to Topaz directories
Network Indicators:
- No network indicators - purely local exploitation
SIEM Query:
(EventID=4688 OR EventID=4697 OR EventID=4700) AND (ProcessName LIKE '%SERVCore%' OR CommandLine LIKE '%nssm%')
🔗 References
- https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20Local%20Privilege%20Escalation%20via%20Insecure%20Directory%20Permissions%20in%20SERVCore%20Teller%20Installer.txt
- https://vuldb.com/?ctiid.325811
- https://vuldb.com/?id.325811
- https://vuldb.com/?submit.651434