CVE-2025-66265 – Insecure permissions in configuration directory (C:\usr)

CVE ID : CVE-2025-66265

Published : Nov. 26, 2025, 1:16 a.m. | 14 minutes ago

Description : CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files (such as snmp.conf) or hijack DLLs to escalate privileges.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…