CVE-2025-52095

9.8 CRITICAL

📋 TL;DR

This vulnerability in PDQ Smart Deploy allows attackers to decrypt stored credentials using static encryption keys, enabling privilege escalation. Organizations using PDQ Smart Deploy version 3.0.2040 for Windows deployment are affected. Attackers can gain administrative access to managed systems.

💻 Affected Systems

Products:
  • PDQ Smart Deploy
Versions: Version 3.0.2040
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of this specific version are vulnerable due to static encryption keys in SDCommon.dll.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete domain compromise through lateral movement using stolen administrative credentials across all managed endpoints.

🟠 Likely Case: Local privilege escalation on individual systems leading to credential theft, persistence establishment, and limited lateral movement.

🟢 If Mitigated: Isolated impact on a single system if proper network segmentation and least privilege are implemented.

🌐 Internet-Facing: LOW - This requires local access or network access to the Smart Deploy management system.
🏢 Internal Only: HIGH - Attackers with internal network access can exploit this to escalate privileges across managed systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the Smart Deploy system or its credential storage, but the decryption routine is publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check PDQ website for latest version (likely 3.0.2041 or higher)

Vendor Advisory: https://www.pdq.com/

Restart Required: Yes

Instructions:

1. Check current Smart Deploy version
2. Download latest version from PDQ website
3. Run installer as administrator
4. Restart Smart Deploy services
5. Verify update completed successfully

🔧 Temporary Workarounds

Disable Smart Deploy service (Windows)

Temporarily stop the Smart Deploy services to prevent exploitation:

sc stop "PDQSmartDeploy"
sc config "PDQSmartDeploy" start= disabled

Restrict access to Smart Deploy system (all platforms)

Apply strict network ACLs to limit access to the Smart Deploy management interface.

🧯 If You Can't Patch

  • Isolate Smart Deploy system on separate VLAN with strict access controls
  • Rotate all credentials stored in Smart Deploy and implement credential vaulting

🔍 How to Verify

Check if Vulnerable:

Check Smart Deploy version in application or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\PDQ\Smart Deploy\Version

Check Version:

reg query "HKLM\SOFTWARE\PDQ\Smart Deploy" /v Version

Verify Fix Applied:

Verify version is updated to patched release and test credential encryption functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to SDCommon.dll
  • Multiple failed credential decryption attempts
  • Unexpected service restarts of PDQSmartDeploy

Network Indicators:

  • Unusual connections to Smart Deploy management port (default 7337)
  • Credential dumping tools communicating with Smart Deploy system

SIEM Query:

EventID=4688 AND (ProcessName="*SDCommon*" OR CommandLine="*decrypt*" OR ParentProcessName="*SmartDeploy*")
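As an added example (not part of this advisory), the SIEM query above expressed as Python detection logic and run over constructed Windows 4688 process-creation records; the field names follow the query, and every sample value is made up.

```python
"""Flag 4688 (process creation) events matching the advisory's SIEM
indicators: SDCommon in the process name, 'decrypt' on the command line,
or a SmartDeploy parent process. All sample events below are constructed."""
import fnmatch

# Wildcard patterns taken from the advisory's SIEM query. Matching is
# case-insensitive because Windows paths and process names are.
INDICATORS = {
    "ProcessName": "*SDCommon*",
    "CommandLine": "*decrypt*",       # broad; expect false positives, triage by parent/path
    "ParentProcessName": "*SmartDeploy*",
}

def matched_indicators(event):
    """Return the indicator fields this event matches (empty list if none)."""
    if str(event.get("EventID")) != "4688":   # query is scoped to process creation
        return []
    hits = []
    for field, pattern in INDICATORS.items():
        value = (event.get(field) or "").lower()
        if fnmatch.fnmatchcase(value, pattern.lower()):
            hits.append(field)
    return hits

def triage(events):
    """Return (event, hits) pairs for every event matching at least one indicator."""
    return [(e, hits) for e in events if (hits := matched_indicators(e))]

# Constructed sample telemetry (hypothetical paths and commands).
SAMPLE_EVENTS = [
    {"EventID": 4688, "ProcessName": r"C:\Tools\sdtool.exe",
     "CommandLine": "sdtool.exe --decrypt settings.xml",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "ProcessName": r"C:\Program Files\SmartDeploy\SmartDeploy.exe",
     "CommandLine": "SmartDeploy.exe", "ParentProcessName": r"C:\Windows\explorer.exe"},
    {"EventID": 4688, "ProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe", "ParentProcessName": r"C:\Windows\explorer.exe"},
    {"EventID": 4624, "ProcessName": r"C:\Temp\SDCommon.exe",
     "CommandLine": "", "ParentProcessName": ""},      # wrong event type, ignored
    {"EventID": 4688, "ProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentProcessName": r"C:\Program Files\SmartDeploy\SmartDeploy.exe"},
    {"EventID": 4688, "ProcessName": r"C:\Temp\SDCommon.exe",
     "CommandLine": "SDCommon.exe", "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for event, hits in triage(SAMPLE_EVENTS):
        print(hits, event["ProcessName"], "|", event["CommandLine"])
```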
