Description
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
Published: 2025-07-13
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21253 An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
History

Mon, 14 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}

epss

{'score': 0.00016}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}


Sun, 13 Jul 2025 08:45:00 +0000

Type Values Removed Values Added
Title Cato Networks CatoClient Local Privilege Escalation via Symlink Cato Networks Linux Client Local Privilege Escalation via Symlink

Sun, 13 Jul 2025 08:15:00 +0000

Type Values Removed Values Added
Description An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
Title Cato Networks CatoClient Local Privilege Escalation via Symlink
Weaknesses CWE-59
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M/U:Green'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Cato

Published:

Updated: 2025-07-14T20:11:08.143Z

Reserved: 2025-07-02T09:33:23.487Z

Link: CVE-2025-7012

cve-icon Vulnrichment

Updated: 2025-07-14T14:44:33.574Z

cve-icon NVD

Status : Deferred

Published: 2025-07-13T08:15:22.910

Modified: 2026-06-17T10:04:05.747

Link: CVE-2025-7012

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses