Possible privilege escalation by malicious SNS administrators

Advisory ID: STORM-2025-005
CVE Number: CVE-2025-59521
Date discovered: 12/06/2024
Severity: medium
Advisory revision: v2

Vulnerability details

Possible privilege escalation for an SNS administrator.

Impacted products

Product: Stormshield Network Security
Severity: medium
Detail: SNS is impacted.

Revisions

Version Date Description
v1 11/03/2025 Initial release
v2 05/21/2026 Published as disclosed


Stormshield Network Security

CVSS v3.1 Overall Score: 5.6      

Analysis

SNS administrators with access to the SNS console can extract critical system secrets. Exploiting this data allows them to escalate privileges on the web administration portal by impersonating another administrator with higher rights.

Beyond the risk of privilege escalation, this vulnerability severely compromises accountability: the authenticity and traceability of operations performed on the firewall are no longer guaranteed.

Impacted version

  • SNS 4.8.0 to 4.8.15
  • SNS 4.7.0 to 4.7.10
  • SNS 4.3.0 to 4.3.41
  • SNS 3.11.0 to 3.11.31
  • SNS 3.7.0 to 3.7.42

Workaround solution

There is no workaround solution.

Solution

The following updates will fix this vulnerability:

  • SNS 4.8.16
  • SNS 4.3.42


  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

CVSS Base score: 4.4
CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

  • Exploit Code Maturity: Proof of concept code
  • Remediation Level: Official fix
  • Report Confidence: Confirmed

CVSS Temporal score: 4
CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)

  • Attack Vector (MAV): Local
  • Attack Complexity (MAC): Low
  • Privileges Required (MPR): High
  • User Interaction (MUI): None
  • Scope (MS): Not Defined
  • Confidentiality Impact (MC): High
  • Integrity Impact (MI): None
  • Availability Impact (MA): None
  • Confidentiality Requirement (CR): High
  • Integrity Requirement (IR): Medium
  • Availability Requirement (AR): Medium

CVSS Environmental score: 5.6
CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:H/IR:M/AR:M/MAV:L/MAC:L/MPR:H/MUI:N/MS:X/MC:H/MI:N/MA:N)
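
The three scores can be recomputed from the published vector strings, which shows that the overall 5.6 comes from the High confidentiality requirement (CR:H) applied to a 4.4 base. This is an added example, not Stormshield's code: it implements the CVSS v3.1 base, temporal and environmental equations from the FIRST specification, and the names `W`, `roundup`, `scores` and `ADVISORY_VECTOR` are chosen here.

```python
import math

# CVSS v3.1 metric weights, as given in the FIRST specification
W = {"AV": {"N": .85, "A": .62, "L": .55, "P": .2}, "AC": {"L": .77, "H": .44},
     "UI": {"N": .85, "R": .62}, "CIA": {"H": .56, "L": .22, "N": 0.0},
     "PR": {"U": {"N": .85, "L": .62, "H": .27}, "C": {"N": .85, "L": .68, "H": .5}},
     "E": {"X": 1, "H": 1, "F": .97, "P": .94, "U": .91},
     "RL": {"X": 1, "U": 1, "W": .97, "T": .96, "O": .95},
     "RC": {"X": 1, "C": 1, "R": .96, "U": .92},
     "REQ": {"X": 1, "H": 1.5, "M": 1, "L": .5}}

# Environmental vector copied from this advisory
ADVISORY_VECTOR = ("AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:H/IR:M/AR:M/"
                   "MAV:L/MAC:L/MPR:H/MUI:N/MS:X/MC:H/MI:N/MA:N")

def roundup(x):
    """Spec-defined round-up to one decimal place, tolerant of float noise."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def scores(vector):
    """Return (base, temporal, environmental) for a CVSS v3.1 vector string."""
    m = dict(p.split(":") for p in vector.strip("()").split("/"))
    # A modified metric that is absent or "X" (Not Defined) falls back to the base metric
    mod = lambda k: m[k] if m.get("M" + k, "X") == "X" else m["M" + k]
    t = W["E"][m.get("E", "X")] * W["RL"][m.get("RL", "X")] * W["RC"][m.get("RC", "X")]

    def expl(get, s):  # exploitability sub-score; the PR weight depends on scope
        return 8.22 * W["AV"][get("AV")] * W["AC"][get("AC")] * W["PR"][s][get("PR")] * W["UI"][get("UI")]

    def total(impact, e, s):
        if impact <= 0:
            return 0.0
        return roundup(min((1.08 if s == "C" else 1) * (impact + e), 10))

    s = m["S"]
    iss = 1 - math.prod(1 - W["CIA"][m[k]] for k in "CIA")
    imp = 6.42 * iss if s == "U" else 7.52 * (iss - .029) - 3.25 * (iss - .02) ** 15
    base = total(imp, expl(m.__getitem__, s), s)

    ms = mod("S")
    miss = min(1 - math.prod(1 - W["REQ"][m.get(k + "R", "X")] * W["CIA"][mod(k)] for k in "CIA"), .915)
    mimp = 6.42 * miss if ms == "U" else 7.52 * (miss - .029) - 3.25 * (miss * .9731 - .02) ** 13
    env = roundup(total(mimp, expl(mod, ms), ms) * t)
    return base, roundup(base * t), env

if __name__ == "__main__":
    print(scores(ADVISORY_VECTOR))
```

Replacing CR:H with the requirement that matches your own deployment gives the environmental score to use for local prioritisation.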