CVE-2025-0834

High

Published: 30 January 2025

Published

30 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 6.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically.

Security Summary

CVE-2025-0834 is a privilege escalation vulnerability in Wondershare Dr.Fone version 13.5.21, published on 2025-01-30. The flaw, tied to CWE-269 (Improper Privilege Management), enables an attacker to replace the binary at C:\ProgramData\Wondershare\wsServices\ElevationService.exe with a malicious version. This binary is automatically executed with SYSTEM privileges, allowing unauthorized elevation. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity and no user interaction required. By overwriting the ElevationService.exe binary in the ProgramData directory, the attacker tricks the software into running their malicious code as SYSTEM. This achieves high impacts on confidentiality, integrity, and availability, potentially granting full administrative control over the affected system.

For mitigation guidance, refer to the INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability.

Details

CWE(s): CWE-269

References

https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability
cve-coordination@incibe.es