CVE-2023-0213: 
M-Files Desktop vulnerability analysis and mitigation

An elevation of privilege vulnerability was discovered in M-Files Installer versions prior to 22.6 on Windows systems. The vulnerability, identified as CVE-2023-0213, was disclosed on March 29, 2023, and allows local users to gain SYSTEM privileges through DLL hijacking (M-Files Advisory, NVD).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) and has received a CVSS 3.1 base score of 8.8. The attack vector is local (AV:L), with low attack complexity (AC:L) and requiring low privileges (PR:L). The scope is changed (S:C) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (M-Files Advisory).

If exploited, this vulnerability allows an authenticated Windows user with local access to escalate their privileges to SYSTEM level. However, it's important to note that this vulnerability does not grant any additional access or privileges to the document vault or M-Files Server. The impact is limited to the local Windows operating system and potential lateral movement with elevated system privileges (M-Files Advisory).

The vulnerability has been addressed in M-Files version 22.6 and later. Users running affected versions should upgrade to version 22.6 or newer to mitigate this security risk (M-Files Advisory).