CVE-2025-57797 is a high-severity vulnerability affecting PFU Limited's ScanSnap Manager installers in versions prior to V6.5L61. The vulnerability arises from incorrect privilege assignment during the installation process. Specifically, an authenticated local attacker—meaning someone with valid access to the affected system—can exploit this flaw to escalate their privileges beyond their current level. This escalation allows the attacker to execute arbitrary commands with elevated privileges, potentially gaining full control over the affected system. The vulnerability is classified with a CVSS 3.0 score of 7.8, indicating a high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L) but no user interaction (UI:N). The scope remains unchanged (S:U), meaning the impact is confined to the vulnerable component or system. The vulnerability's exploitation could lead to full system compromise, data theft, or disruption of services. No known exploits are currently reported in the wild, but the presence of this vulnerability in widely used ScanSnap Manager installers poses a significant risk if left unpatched. ScanSnap Manager is a software suite used to manage and operate PFU Limited's ScanSnap scanners, which are popular in office environments for document digitization and management.

For European organizations, the impact of this vulnerability can be substantial, especially in sectors relying heavily on document management and scanning solutions, such as legal, financial, healthcare, and government institutions. Exploitation could allow malicious insiders or compromised local users to gain elevated privileges, bypassing security controls and potentially accessing sensitive documents or injecting malicious commands into the system. This could lead to data breaches, intellectual property theft, or disruption of critical document workflows. Additionally, since ScanSnap devices are often connected to networked environments, privilege escalation on a local machine could serve as a pivot point for lateral movement within corporate networks, increasing the risk of broader compromise. The lack of user interaction requirement means that once an attacker has local access, exploitation can be automated or executed stealthily, increasing the threat level. Given the high confidentiality, integrity, and availability impacts, organizations could face regulatory penalties under GDPR if sensitive personal data is exposed or compromised due to this vulnerability.

European organizations should immediately verify the versions of ScanSnap Manager installers deployed across their environments and prioritize upgrading to version V6.5L61 or later, where this vulnerability is addressed. Since no official patch links are provided, organizations should consult PFU Limited's official channels or support for the latest updates and security advisories. In the interim, organizations should restrict local access to systems running vulnerable ScanSnap Manager installers, enforcing strict access controls and monitoring for unusual local activity. Implementing application whitelisting can prevent unauthorized execution of arbitrary commands. Additionally, deploying endpoint detection and response (EDR) solutions can help detect privilege escalation attempts. Regular auditing of user privileges and local accounts can reduce the risk of exploitation by limiting the number of users with local access. Network segmentation should be employed to isolate systems with ScanSnap software from critical infrastructure to limit potential lateral movement. Finally, organizations should educate users about the risks of local privilege escalation and ensure that only trusted personnel have authenticated local access to vulnerable systems.