Valmet DNA local privilege escalation through insecure DCOM configuration

CVE-2025-0416

Summary: It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object.
Impact: The Valmet DNA Engineering DCOM object has permissions that allow it to run commands as a user with SeImpersonatePrivilege. SeImpersonatePrivilege is a Windows privilege that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Issue date: March 31, 2025
Affects: Valmet DNA systems C2022 and older.
CVE Name: https://nvd.nist.gov/vuln/detail/CVE-2025-0416
CVSS Details: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber
CVSS Score: 8.9
Solution: The new version is available from Valmet Automation Customer Service.
Mitigations:
Acknowledgements: Sixtus Leonhardsberger and Felix Eberstaller of LimesSecurity.
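
Added audit example (not part of the Valmet advisory and not vendor code): a PowerShell check an administrator can run on an engineering station to list DCOM applications whose per-application launch ACL grants local launch or activation to broad principals, together with the identity the server runs as. The advisory gives no AppID, so the `*Valmet*` name filter, the list of broad SIDs and the function names are assumptions to adjust for the host.

```powershell
# Added audit sketch, not Valmet code. Run in an elevated PowerShell 5+ session.
$NameFilter = '*Valmet*'   # ASSUMPTION: display-name pattern; the advisory gives no AppID

# ASSUMPTION: broad local principals whose launch/activation rights deserve review
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$LocalRights = 0x2 -bor 0x8   # COM_RIGHTS_EXECUTE_LOCAL | COM_RIGHTS_ACTIVATE_LOCAL

function New-Finding($App, $Principal, $Mask) {
    [pscustomobject]@{
        AppID = $App.AppID; Name = $App.Caption; RunAs = $App.RunAsUser
        Service = $App.LocalService; Principal = $Principal; Mask = $Mask
    }
}

function Get-DcomLaunchFinding {
    param([string]$Filter = $NameFilter)
    Get-CimInstance -ClassName Win32_DCOMApplicationSetting |
        Where-Object { $_.Caption -like $Filter -or $_.Description -like $Filter } |
        ForEach-Object {
            $app = $_
            $key = "Registry::HKEY_CLASSES_ROOT\AppID\$($app.AppID)"
            $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).LaunchPermission
            if (-not $raw) {
                # No per-application ACL stored: the machine-wide default launch ACL applies
                New-Finding $app '(machine default launch ACL applies)' $null
                return
            }
            # LaunchPermission is a self-relative security descriptor stored as REG_BINARY
            $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$raw, 0)
            foreach ($ace in $sd.DiscretionaryAcl) {
                $sid  = $ace.SecurityIdentifier.Value
                $mask = $ace.AccessMask
                # A legacy mask of only COM_RIGHTS_EXECUTE (0x1) is treated as granting all rights
                $local = ($mask -band $LocalRights) -or ($mask -eq 0x1)
                if ($ace.AceQualifier -eq 'AccessAllowed' -and $local -and $BroadSids.ContainsKey($sid)) {
                    New-Finding $app $BroadSids[$sid] ('0x{0:X}' -f $mask)
                }
            }
        }
}

Get-DcomLaunchFinding | Format-Table -AutoSize
```

Rows where a broad principal holds launch rights and `RunAs` or `Service` names a service or other privileged identity (such accounts hold SeImpersonatePrivilege by default) are the ones to review and to re-check after installing the fixed version.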