CVE-2025-15065
📋 TL;DR
This vulnerability in KESS Enterprise on Windows allows unauthorized actors to access sensitive information, modify services, and escalate privileges due to missing encryption and improper file access controls. It affects all KESS Enterprise installations on Windows before version *.25.9.19.exe. Attackers could potentially take control of affected systems.
💻 Affected Systems
- KESS Enterprise
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, allowing attackers to modify critical services, access all sensitive data, and maintain persistent access to the network.
Likely Case
Unauthorized access to sensitive files and configuration data, enabling privilege escalation and potential lateral movement within the network.
If Mitigated
Limited to unauthorized file access without privilege escalation if proper access controls and network segmentation are implemented.
🎯 Exploit Status
Exploitation likely requires some level of access to the system or network. The CWE-200 classification suggests information exposure rather than direct remote code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: *.25.9.19.exe or later
Vendor Advisory: https://www.kings.co.kr/solution/01/KESS.jsp?O=10.64&B=Chrome
Restart Required: Yes
Instructions:
1. Download the latest version from the vendor website
2. Backup current configuration and data
3. Install the update following vendor instructions
4. Restart the KESS Enterprise service
5. Verify the update was successful
🔧 Temporary Workarounds
Restrict File and Directory Permissions
windowsManually secure sensitive files and directories used by KESS Enterprise to prevent unauthorized access
icacls "C:\Program Files\KESS Enterprise\*" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F"
icacls "C:\ProgramData\KESS Enterprise\*" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F"
Network Segmentation
windowsIsolate KESS Enterprise systems from untrusted networks and implement strict firewall rules
New-NetFirewallRule -DisplayName "Block KESS External" -Direction Inbound -Program "C:\Program Files\KESS Enterprise\kess.exe" -Action Block
🧯 If You Can't Patch
- Implement strict access controls on KESS Enterprise directories and files using Windows permissions
- Monitor for unauthorized access attempts to KESS Enterprise files and services using security logging
🔍 How to Verify
Check if Vulnerable:
Check the KESS Enterprise version by examining the executable properties or checking the installed programs list in Control PanelCheck Version:
wmic product where "name like 'KESS%'" get versionVerify Fix Applied:
Verify the installed version is *.25.9.19.exe or later and test that sensitive files are no longer accessible to unauthorized users📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to KESS Enterprise directories
- Modification of KESS Enterprise service configurations
- Privilege escalation events related to KESS processes
Network Indicators:
- Unusual network traffic to/from KESS Enterprise systems
- Attempts to access KESS configuration files over network shares
SIEM Query:
EventID=4663 AND ObjectName LIKE '%KESS%' AND AccessMask IN ('0x10000', '0x2')