Gdata Security Client and Management Server allow privilege escalation
Vulnerabilities in Gdata antivirus software allow attackers to escalate their privileges. Updates are available.
(Image: Created with AI / Bing Designer by heise online / dmk)
Attackers have been able to inject malicious code into the Gdata Security Client antivirus and the Gdata Management Server management software due to security vulnerabilities. Updates are now available that correct the security-relevant errors.
The vulnerabilities were reported in a GitHub project by the user with the handle nullby73. In the Gdata Management Server, the vulnerability lies in the Gdmms service. It starts a process that searches for a ZIP file in a directory that is writable by users. When unpacking the archive, relative paths inside the archive are not checked. This results in a so-called "zip slip" vulnerability, which allows arbitrary files to be written or overwritten with SYSTEM rights and thus leads to privilege escalation (CVE-2025-0542, CVSS 7.8, risk "high").
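As an added illustration of the zip slip class described above (example code written for this article, not Gdata's code): a defensive extractor that rejects archive entries whose path would escape the destination directory, run against a constructed archive containing one such entry.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def unsafe_entry(name: str) -> bool:
    """Return True if a ZIP entry name could escape the extraction root."""
    # Reject absolute paths, Windows drive letters and any '..' component.
    p = PurePosixPath(name.replace("\\", "/"))
    if p.is_absolute() or (len(name) > 1 and name[1] == ":"):
        return True
    return ".." in p.parts


def safe_extract(zip_bytes: bytes, dest: Path) -> list[str]:
    """Extract only entries that resolve inside dest; return the names skipped."""
    dest = dest.resolve()
    skipped: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if unsafe_entry(info.filename):
                skipped.append(info.filename)  # log/alert on these in production
                continue
            target = (dest / info.filename).resolve()
            # Second check on the resolved path (covers symlinked parents).
            if target != dest and dest not in target.parents:
                skipped.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return skipped


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign entry and one zip-slip entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update/readme.txt", "benign")
        zf.writestr("../../evil.txt", "escaped")  # constructed traversal entry
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Extract the sample archive into a temp dir; return (skipped, written)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        skipped = safe_extract(build_sample_zip(), root)
        written = sorted(p.relative_to(root).as_posix()
                         for p in root.rglob("*") if p.is_file())
        return skipped, written
```

Note that CPython's own `ZipFile.extractall` already strips such components silently; the point of the explicit check is to detect and report a hostile archive rather than quietly neutralise it.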
High-risk vulnerability also in the Gdata Security Client
There is a vulnerability in Gdata's Security Client, as the SetupSVC service, which is started at irregular intervals, attempts to start an executable file from a directory that can be written to by users. In addition, the software attempts to load two non-existent DLLs – again from a user-writable folder, resulting in a DLL injection vulnerability. By placing a malicious file in place of one of the two libraries, arbitrary code with SYSTEM privileges can be executed as soon as the SetupSVC service starts (CVE-2025-0543, CVSS 7.8, high).
nullby73 reported the vulnerabilities to Gdata at the beginning of April 2024. Since the beginning of December, both affected software packages have been available in the patched version 15.8.333; the coordinated disclosure of the vulnerabilities took place over the weekend. Anyone using this Gdata software should therefore check whether it has already been updated automatically to the patched or a newer version in their organization. If not, admins should update it manually.
Such vulnerabilities are also found repeatedly in other virus scanners. In the middle of the month, for example, it became known that Bitdefender under macOS had a comparable vulnerability.
(dmk)