CVE-2025-50675: Insecure install folder permissions in GPMAW bioinformatics software# CVE-2025-50675 – Insecure Permissions in GPMAW 14.2
## Summary
**CVE-2025-50675** affects GPMAW 14.2, a bioinformatics software developed by Lighthouse Data. The installer creates the folder `C:\Program Files\gpmaw` with **full control granted to the 'Everyone' group**, allowing any local user to modify files in the directory.
## Affected Product
- **Product:** GPMAW
- **Version:** 14.2
- **Vendor:** Lighthouse Data
- **Vendor site:** https://www.gpmaw.com/html/downloads.html
## Vulnerability Type
- Insecure Permissions
- CWE-276: Incorrect Default Permissions
## Attack Vector
- Local attackers with user access can replace critical executables, such as the uninstaller (`GPsetup64_17028.exe`), with a malicious payload.
- When an administrator runs the uninstaller, the payload executes with elevated privileges.
- Alternatively, attackers can replace components within the installation folder that are executed when the application starts, resulting in persistence on the system.
## Impact
- **Privilege Escalation**
- **Arbitrary Code Execution**
- **Persistence (if executable replaced in user context)**
## Proof of Concept
1. As a standard user, navigate to `C:\Program Files\gpmaw`
2. Replace `GPsetup64_17028.exe` with a malicious executable
3. Delete components to cause errors
4. Wait for an administrator to run the uninstaller
5. The malicious payload runs with administrative privileges
## Mitigation
- Restrict permissions on the installation folder so only trusted users (e.g. Administrators) have write access
- Reinstall GPMAW in a secured location with correct ACLs
## CVE ID
- [CVE-2025-50675](https://www.cve.org/CVERecord?id=CVE-2025-50675)
[4.0K] /data/pocs/cee63bc10ad854175e317151f02e021ac178bbdd
├── [1.0K] LICENSE
└── [1.7K] README.md
0 directories, 2 files