CVE-2025-13492

A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages.

VectorLOCAL

Published Byhp-security-alert@hp.com

Published DateDec 03, 2025, 17:15

Weakness Type (CWE):CWE-363

CVSS Metrics

Base Score

5.4

Vector String

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://support.hp.com/us-en/document/ish_13505078-13505143-16/hpsbgn04078

Base Score

HIGH7

Weakness Type (CWE):CWE-363

CVSS Metrics

Base Score

5.4

Vector String

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)