Published:2025/12/11 Last Updated:2025/12/11
JVN#40102375
QND vulnerable to privilege escalation
Overview
QND provided by QualitySoft Corporation is vulnerable to privilege escalation.
Products Affected
- QND Premium/Advance/Standard Ver.11.0.9i and prior
Description
QND provided by QualitySoft Corporation contains the following vulnerability.
- Privilege Chaining (CWE-268)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-64701
Impact
A privilege escalation vulnerability allows a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed.
Solution
Apply the Patch
Apply the patch after updating to Ver.11.0.9i according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| QualitySoft Corporation | A vulnerability found in QND Windows client (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Tongren Chen of PwC Consulting LLC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-64701 |
| JVN iPedia |
JVNDB-2025-000115 |