CVE-2025-69599
CriticalSummary
RayVentory Scan Engine through version 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. This vulnerability is disputed as the ability to control the environment is a site-specific misconfiguration.
Risk Assessment
Organizations may be exposed to unauthorized access if the PATH variable is misconfigured. Potential consequences include privilege escalation and security breaches.
Recommendation
It is recommended to review and secure the configuration of environment variables to limit the possibility of manipulation by attackers. Consider upgrading to a newer version of the scan engine.
Original NVD description (English source)
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.

