CVE-2025-43079

MEDIUM 6.3

Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.

CWE	CWE-426
Vendor	qualys inc
Product	qualys agent
Published	Nov 10, 2025
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for qualys inc qualys agent

Be the first to know when new medium vulnerabilities affecting qualys inc qualys agent are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Qualys Inc / Qualys Agent

5.0 < 7.2.3

Qualys Inc / Qualys Agent

3.12 < 7.1.0

Qualys Inc / Qualys Agent

4.17 < 6.0.0

Qualys Inc / Qualys Agent

0 < 6.2.1

Qualys Inc / Qualys Agent

0 < 6.3.1

Qualys Inc / Qualys Agent

0 < 3.31.1-8

Qualys Inc / Qualys Agent

0 < 3.21.1-6

Qualys Inc / Qualys Agent

0 < 4.2.6

Qualys Inc / Qualys Agent

0 < 5.0.3

Qualys Inc / Qualys Agent

0 < 5.0.2

Qualys Inc / Qualys Agent

0 < 6.0.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

qualys.com: https://www.qualys.com/security-advisories/cve-2025-43079

Credits

Brent Zaltsman (AfricanHipp0)