CVE-2025-56503
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Sublime Text 4 in which an authenticated user with low-level privileges could potentially replace the uninstall executable with a malicious binary to gain administrator privileges. The vendor disputes the vulnerability, stating that replacing the uninstall file already requires administrator permissions. Affects Sublime Text 4 users on Windows systems.
💻 Affected Systems
- Sublime HQ Pty Ltd Sublime Text 4
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains full administrator privileges on the system, enabling complete system compromise, data theft, and persistence.
Likely Case
Limited impact due to vendor dispute and requirement for initial low-level access; most likely scenario involves attackers already having some system access attempting privilege escalation.
If Mitigated
No impact if proper file permissions prevent modification of installation directory or if users operate with minimal privileges.
🎯 Exploit Status
Exploit requires authenticated access and ability to write to Sublime Text installation directory. GitHub repository contains proof-of-concept.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available - vendor disputes vulnerability
Restart Required: No
Instructions:
No official patch available. Vendor considers this not a vulnerability. Monitor for updates if vendor changes position.
🔧 Temporary Workarounds
Restrict installation directory permissions
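Windows: Set proper file permissions on the Sublime Text installation directory to prevent unauthorized modifications
icacls "C:\Program Files\Sublime Text 4" /deny Users:(OI)(CI)(WD,AD)
Note: explicit deny entries take precedence over allow entries, and administrator tokens normally also carry the Users group, so this entry can also block writes made by administrators (for example during an update) until it is removed.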
Run with minimal privileges
All platforms: Ensure users operate with standard user privileges rather than administrator accounts
🧯 If You Can't Patch
- Implement principle of least privilege - ensure users don't have write access to program installation directories
- Monitor file system changes to Sublime Text installation directory using file integrity monitoring tools
🔍 How to Verify
Check if Vulnerable:
Check if current user has write permissions to Sublime Text installation directory (typically C:\Program Files\Sublime Text 4)
Check Version:
Open Sublime Text and check Help > About Sublime Text or run: "C:\Program Files\Sublime Text 4\sublime_text.exe" --version
Verify Fix Applied:
Verify that standard users cannot modify files in Sublime Text installation directory
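The permission check described above, as an added PowerShell example (not part of the original advisory or any vendor tooling). It is read-only; the default path is the typical location given above, and the trusted-SID list and the choice to inspect every .exe in the directory are assumptions of this example.

```powershell
# Added example: read-only ACL audit of the Sublime Text install directory.
param([string]$InstallDir = 'C:\Program Files\Sublime Text 4')  # assumed default path

# Access-mask bits that allow creating, overwriting, deleting, or re-ACLing files:
# WriteData, AppendData, DeleteChild, Delete, WriteDAC, WriteOwner, GENERIC_ALL, GENERIC_WRITE
$WriteMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

# SIDs expected to hold write access under Program Files (locale-independent; assumption).
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($TrustedSids -contains $sid) { continue }
        $bits = [int]$ace.FileSystemRights -band $WriteMask
        if ($bits -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    Write-Warning "Install directory not found: $InstallDir"
} else {
    # Audit the directory itself plus every executable in it (covers the uninstaller).
    $exes = @(Get-ChildItem -LiteralPath $InstallDir -Filter *.exe -File | ForEach-Object FullName)
    $findings = @(@($InstallDir) + $exes | ForEach-Object { Get-RiskyAce -Path $_ })
    if ($findings.Count -gt 0) {
        $findings | Format-Table -AutoSize
        Write-Warning 'Non-administrative principals hold write-capable ACEs on the install directory.'
    } else {
        Write-Output 'No write-capable ACEs for non-administrative principals were found.'
    }
}
```

An empty result matches the vendor's position that modifying the directory already requires administrator rights; any finding means the permissions have been loosened and should be reset.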
📡 Detection & Monitoring
Log Indicators:
- File modification events in Sublime Text installation directory
- Creation of unexpected executables in program folders
Network Indicators:
- None - local exploitation only
SIEM Query:
(EventID=4663 OR EventID=4656) AND ObjectName LIKE '%Sublime Text 4%' AND AccessMask IN ('0x2', '0x100')