A high-severity local privilege escalation vulnerability in NoMachine software could allow a local attacker to gain unauthorized elevated system access.

This vulnerability involves improper control of file path input, which can be exploited by an authenticated local user to escalate privileges beyond their current authorization level.

Successful exploitation of this vulnerability could allow a malicious actor to gain full system control, leading to unauthorized data access, modification, or the installation of persistent backdoors. With a CVSS score of 7.8, this flaw represents a significant risk to the integrity and confidentiality of the host machine, potentially leading to total system compromise.

Immediate Action: Update the NoMachine installation to the latest available patched version provided by the vendor.

Proactive Monitoring: Audit local system logs for unusual file access patterns or unexpected execution of administrative commands by non-privileged accounts.

Compensating Controls: Restrict local user access to the host server and enforce the principle of least privilege to minimize the potential impact of a local exploit.

Public Exploit Available: false

Given the potential for privilege escalation, organizations must prioritize patching all affected NoMachine deployments. Ensure that all systems are updated immediately to mitigate the risk of local users gaining administrative control over the host environment.