Detections
Analytics

Rapid7 Velociraptor < 0.74.3 Privilege Escalation

medium Nessus Plugin ID 279071

Language:

Synopsis

An application installed on the remote host is affected by privilege escalation vulnerability.

Description

The version of Rapid7 Velociraptor installed on the remote host is prior to 0.74.3. It is, therefore, affected by privilege escalation vulnerability:

 - Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the 'Investigator' role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the 'Investigator' role). (CVE-2025-6264)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Rapid7 Velociraptor version 0.74.3 or later.

See Also

http://www.nessus.org/u?4186c143

Plugin Details

Severity: Medium

ID: 279071

File Name: rapid7_velociraptor_0_74_3.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 12/18/2025

Updated: 12/18/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:H/Au:M/C:P/I:P/A:P

CVSS Score Source: CVE-2025-6264

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:rapid7:velociraptor

Required KB Items: installed_sw/Rapid7 Velociraptor

Patch Publication Date: 6/19/2021

Vulnerability Publication Date: 6/19/2021

Reference Information

CVE: CVE-2025-6264