CVE-2025-30094
2 minute read
Security Advisory: CVE-2025-30094
Privilege escalation due to race condition in outdated Docusnap versions
Published on: April 22, 2025
CVE ID: CVE-2025-30094
Affected Products: Docusnap 12, outdated versions of Docusnap 13 and 14
Fixed in: Current versions of Docusnap 13 and Docusnap 14
Severity: High
Vulnerability Type: Improper Access Control (Race Condition)
Attack Vector: Local
Description
A race condition vulnerability was discovered in outdated versions of Docusnap (Version 12 and older builds of Version 13), which allows local privilege escalation.
During an inventory process, the DocusnapServer.exe process creates a temporary executable file named DiscoveryWindows_[GUID].exe in the directory: C:\ProgramData\Docusnap\Temp\
This directory was writable by all users at the time. Since the file was executed with elevated privileges a few seconds later, attackers had a 1–3 second window to replace it with a manipulated version and thus execute arbitrary code with SYSTEM privileges.
Cause
- Missing access restrictions on
C:\ProgramData\Docusnap\Temp\ - Time gap between file creation and execution allowed for manipulation
Fix in Current Versions
The vulnerability has been resolved in the latest versions of Docusnap 13 and 14. The following measures have been implemented:
- Signature Verification: The signature of
DiscoveryWindows.exeis checked before execution. - Hash Validation: The file is checked for integrity.
- File Handle Remains Open: Prevents external manipulation before execution.
Recommended Actions for Older Versions
- Update to a current Docusnap version (recommended)
- Alternatively: Manually restrict permissions on the folder
C:\ProgramData\Docusnap\Temp\so that only the Docusnap service account has write access.
Status
This vulnerability has already been fixed in the current versions of Docusnap 13 and 14.
Users of older versions are strongly advised to update or apply the mitigation steps described above.
Affected Versions
| Product | Affected | Fixed in |
|---|---|---|
| Docusnap 12 | ✅ Yes | ❌ No longer supported |
| Docusnap 13 | ✅ Yes (outdated) | ✅ Current Versions |
| Docusnap 14 | ✅ Yes (earlier) | ✅ Current Versions |
Contact
If you have questions or need assistance, our support team is happy to help:
support@docusnap.com