
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-47809 is a privilege escalation vulnerability discovered in Wibu CodeMeter before version 8.30a, disclosed on May 14, 2025. The vulnerability affects the CodeMeter installer on Windows systems when installed with User Account Control (UAC) using an unprivileged account. The issue specifically impacts the CodeMeter Control Center component immediately after installation, before a logoff or reboot occurs (NVD, Wibu Advisory).
The vulnerability is classified as a Least Privilege Violation (CWE-272) with a CVSS v3.1 Base Score of 8.2 (HIGH) and vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The issue occurs when CodeMeter Control Center is launched with system privileges immediately after installation. This happens specifically when the installation is performed from an unprivileged account with UAC, using the built-in Administrator account (Wiz, Wibu Advisory).
An unprivileged local user can exploit the vulnerability to escalate privileges to system level through the CodeMeter Control Center component. Using the file selection dialog under 'File' -> 'Import License', a malicious user can navigate to system directories and execute privileged commands, potentially gaining full system access (Wibu Advisory).
The vulnerability has been patched in CodeMeter version 8.30a. For earlier versions, several mitigation options are available: 1) Use a normal user account that is part of the Administrator group for installation instead of the built-in Administrator account, 2) Manually terminate the CodeMeter Control Center after installation and restart as the current user, or 3) End the session through logout or reboot after installation. Systems are not affected if they were restarted, the user logged off, or the CodeMeter Control Center was manually closed since installation (Wibu Advisory).
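A check for the exposure window described above, added here as an example and not taken from Wibu or from the original page: it lists running Control Center processes and flags any that run under an account other than the logged-on user. The process image name `CodeMeterCC.exe` is an assumption; adjust it if your installation differs.

```powershell
# Added example (not from Wibu or the original page).
# Assumption: the Control Center process image is named CodeMeterCC.exe.
$processName = 'CodeMeterCC.exe'

# Account that owns the interactive console session, e.g. HOST\alice.
# This is empty when only remote (RDP) sessions exist; every instance is
# then flagged and the Account column must be reviewed by hand.
$sessionUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

$findings = foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name='$processName'") {
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    if ($owner.ReturnValue -ne 0) {
        # GetOwner fails when the caller may not query the process;
        # report that instead of silently treating the process as safe.
        $account = '<unknown: run elevated>'
    } else {
        $account = '{0}\{1}' -f $owner.Domain, $owner.User
    }
    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        SessionId   = $proc.SessionId
        Account     = $account
        SessionUser = $sessionUser
        Started     = $proc.CreationDate
        # Flag any instance that is not running as the logged-on user.
        Mismatch    = ($account -ne $sessionUser)
    }
}

if (-not $findings) {
    Write-Output "No $processName process is running."
} else {
    $findings | Format-Table -AutoSize
    $findings | Where-Object Mismatch | ForEach-Object {
        Write-Warning ("PID {0} runs as {1}, not {2}. Close it and restart Control Center as the current user, or log off." -f $_.ProcessId, $_.Account, $_.SessionUser)
    }
}
```

Run it from an elevated prompt right after installing a version earlier than 8.30a; a flagged instance owned by `NT AUTHORITY\SYSTEM` is the condition the advisory describes.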
Source: This report was generated using AI