While cybersecurity teams were busy putting out other fires, a dangerous privilege escalation vulnerability in OpenText Service Manager flew under the radar. The flaw, now tracked as CVE-2025-0884, affects multiple versions of the widely-used enterprise software – specifically versions 9.70, 9.71, and 9.72. It’s not pretty.
This isn’t your run-of-the-mill bug. With a CVSS v3.1 score of 7.8, it’s classified as high severity and allows attackers with local access to elevate their privileges to SYSTEM level. Just what everyone needs – another way for hackers to take complete control of critical systems.
The vulnerability stems from an unquoted search path issue, which might sound technical and boring until you realize what it means: full system compromise with minimal effort.
Once exploited, attackers can do pretty much whatever they want. Install programs? Sure. Create accounts? Why not. Access sensitive data? Obviously. The possibilities are endless, and none of them are good.
The attack doesn’t even require user interaction or complex methods. Low privileges, low complexity – high impact. Perfect.
OpenText hasn’t been sitting on their hands, though. They’ve released security bulletin KM000036731 with patches for the affected versions and strongly recommend upgrading to something newer than version 9.72.
They’ve also provided workarounds for organizations that can’t patch immediately, because that’s totally how security should work.
The vulnerability highlights several uncomfortable truths about enterprise software. Legacy systems remain prevalent. Patch management is still a nightmare. And proper service configurations? Apparently optional for many organizations.
Similar to this issue, the recently discovered CVE-2024-1973 vulnerability specifically impacts desktop clients and integrations using the .NET SDK/COM SDK on client computers. Like OpenText Identity Manager’s CVE-2024-12799, this issue also received a critical CVSS score of 10, indicating severe security implications.
Security experts are emphasizing the need for immediate patching, application whitelisting, and implementing least privilege principles. Because nothing says “cybersecurity” like fixing the same types of vulnerabilities we’ve known about for decades.
Organizations using Service Manager should review their security configurations now. Before someone else does it for them.
Regular risk assessments are vital for identifying these types of vulnerabilities before they can be exploited by malicious actors.
