CVE-2025-30094

Security Advisory: CVE-2025-30094

Privilege escalation due to race condition in outdated Docusnap versions

Published on: April 22, 2025
CVE ID: CVE-2025-30094
Affected Products: Docusnap 12, outdated versions of Docusnap 13 and 14
Fixed in: Current versions of Docusnap 13 and Docusnap 14
Severity: High
Vulnerability Type: Improper Access Control (Race Condition)
Attack Vector: Local


Description

A race condition vulnerability was discovered in outdated versions of Docusnap (Version 12 and older builds of Version 13), which allows local privilege escalation.

During an inventory process, the DocusnapServer.exe process creates a temporary executable file named DiscoveryWindows_[GUID].exe in the directory: C:\ProgramData\Docusnap\Temp\

This directory was writable by all users at the time. Since the file was executed with elevated privileges a few seconds later, attackers had a 1–3 second window to replace it with a manipulated version and thus execute arbitrary code with SYSTEM privileges.


Cause

  • Missing access restrictions on C:\ProgramData\Docusnap\Temp\
  • Time gap between file creation and execution allowed for manipulation

Fix in Current Versions

The vulnerability has been resolved in the latest versions of Docusnap 13 and 14. The following measures have been implemented:

  • Signature Verification: The signature of DiscoveryWindows.exe is checked before execution.
  • Hash Validation: The file is checked for integrity.
  • File Handle Remains Open: Prevents external manipulation before execution.

Mitigation

  • Update to a current Docusnap version (recommended)
  • Alternatively: Manually restrict permissions on the folder
    C:\ProgramData\Docusnap\Temp\ so that only the Docusnap service account has write access.
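
The manual permission check and restriction described above can be scripted. The following PowerShell is an added example, not vendor-supplied code: it reports Allow entries that give broad groups write access to the folder and changes the ACL only when run with -Harden from an elevated prompt. The service account value is a placeholder, and giving BUILTIN\Users read/execute back is an assumption, not something the advisory specifies.

```powershell
# Added example (not vendor code): audit, and optionally harden, the ACL on the Docusnap temp folder.
param(
    [string]$Path = 'C:\ProgramData\Docusnap\Temp',
    # Placeholder: the account the Docusnap service runs as in your environment.
    [string]$ServiceAccount = '<DOCUSNAP-SERVICE-ACCOUNT>',
    [switch]$Harden
)

# Well-known SIDs of broad groups: Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'

# Rights that allow creating, replacing or re-permissioning files in the folder,
# plus the raw GENERIC_WRITE / GENERIC_ALL bits that inherit-only ACEs can carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder
    # Resolve identities as SIDs so the check does not depend on localized group names.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        }
}

$findings = @(Get-BroadWriteAce -Folder $Path)
if ($findings.Count -eq 0) {
    Write-Output "OK: no broad group has write access to $Path"
    return
}
Write-Output "Broad write access found on ${Path}:"
$findings | Format-Table IdentityReference, FileSystemRights, IsInherited, InheritanceFlags -AutoSize

if ($Harden) {
    if ($ServiceAccount -like '<*>') { throw 'Pass -ServiceAccount with the real service account.' }
    icacls $Path /inheritance:d                                     # copy inherited ACEs so they can be edited
    icacls $Path /remove:g ($broadSids | ForEach-Object { "*$_" })  # drop Allow ACEs of the broad groups
    icacls $Path /grant '*S-1-5-32-545:(OI)(CI)RX'                  # assumption: users keep read/execute only
    icacls $Path /grant "${ServiceAccount}:(OI)(CI)M"               # write access for the service account
    $left = @(Get-BroadWriteAce -Folder $Path)
    Write-Output "Broad write ACEs remaining after hardening: $($left.Count)"
}
```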

Status

This vulnerability has already been fixed in the current versions of Docusnap 13 and 14.
Users of older versions are strongly advised to update or apply the mitigation steps described above.


Affected Versions

Product       Affected            Fixed in
Docusnap 12   ✅ Yes              ❌ No longer supported
Docusnap 13   ✅ Yes (outdated)   ✅ Current Versions
Docusnap 14   ✅ Yes (earlier)    ✅ Current Versions

Contact

If you have questions or need assistance, our support team is happy to help:
support@docusnap.com