Wondershare Dr.Fone Privilege Escalation Vulnerability

Posted date 29/01/2025
Identifier
INCIBE-2025-0045
Importance
4 - High
Affected Resources
  • Dr.Fone, version 13.5.21.
Description

INCIBE has coordinated the publication of a high severity vulnerability affecting Wondershare's Dr.Fone version 13.5.21, a solution for data transfer and recovery on mobile devices, which has been discovered by Enrique Fernández Lorenzo (bighound).

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-0834: CVSS v3.1: 7.8 | CVSS AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-269
Solution

There is no reported solution at this time.

Detail

CVE-2025-0834: a privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary, which is then executed automatically as SYSTEM.
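
Since no fix is reported, administrators can check whether the binary named above is replaceable by unprivileged accounts on their own hosts. The following PowerShell audit is an added example, not part of the advisory or of Wondershare's software. The trusted SID list, the rights masks and the helper name Get-ReplaceableAce are assumptions to adapt to local policy.

```powershell
# Added example, not part of the advisory: report ACL entries that would let a
# non-administrative principal replace the service binary named in CVE-2025-0834.
$Binary = 'C:\ProgramData\Wondershare\wsServices\ElevationService.exe'  # path from the advisory

# Assumption: only these well-known SIDs should be able to modify the binary.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Assumption: rights that permit overwriting the file, or swapping it through its folder.
$FileMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$DirMask  = [System.Security.AccessControl.FileSystemRights]'DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-ReplaceableAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Mask
    )
    if (-not (Test-Path -LiteralPath $Path)) { Write-Verbose "$Path not present"; return }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        # Inherit-only ACEs apply to children, not to the object being inspected.
        $inheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0   # 2 = InheritOnly
        if ($ace.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$Mask) -eq 0) { continue }
        # Resolve the SID to a readable name; keep the raw SID if lookup fails.
        $name = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $ace.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = @(Get-ReplaceableAce -Path $Binary -Mask $FileMask) +
            @(Get-ReplaceableAce -Path (Split-Path -Parent $Binary) -Mask $DirMask)
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write-capable ACEs for untrusted principals found.' }
```

Any row returned identifies an account outside the trusted list that can alter the file or its folder; removing that access, or uninstalling the affected version, closes the path described in the advisory.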
