{"api_version":"1","generated_at":"2026-06-21T13:31:48+00:00","cve":"CVE-2020-7325","urls":{"html":"https://cve.report/CVE-2020-7325","api":"https://cve.report/api/cve/CVE-2020-7325.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7325","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7325"},"summary":{"title":"CVE-2020-7325","description":"Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.","state":"PUBLIC","assigner":"psirt@mcafee.com","published_at":"2020-09-09 10:15:00","updated_at":"2023-11-07 03:26:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10328","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10328","refsource":"","tags":[],"title":"McAfee Security Bulletin - MVISION Endpoint update fixes two vulnerabilities (CVE-2020-7324 and CVE-2020-7325)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7325","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7325","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7325","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"mvision_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7325","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"mvision_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","DATE_PUBLIC":"2020-09-08T00:00:00.000Z","ID":"CVE-2020-7325","STATE":"PUBLIC","TITLE":"Privilege Escalation vulnerability in MVISION Endpoint "},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MVISION Endpoint","version":{"version_data":[{"version_affected":"<","version_name":"20.x","version_value":"20.9"}]}}]},"vendor_name":"McAfee LLC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10328","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10328"}]},"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2020-09-09 10:15:00","lastModifiedDate":"2023-11-07 03:26:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:mvision_endpoint:*:*:*:*:*:*:*:*","versionEndExcluding":"20.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7325","Ordinal":"167604","Title":"CVE-2020-7325","CVE":"CVE-2020-7325","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7325","Ordinal":"1","NoteData":"Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7325","Ordinal":"2","NoteData":"2020-09-09","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7325","Ordinal":"3","NoteData":"2020-09-09","Type":"Other","Title":"Modified"}]}}}