HighPublic exploit

Local Privilege Escalation via Insecure Service Binary Permissions in AspEmail 5.6.0.2 (EmailAgent)

IdentifiersCVE-2023-53949CWE-732· Incorrect Permission Assignment…

AspEmail 5.6.0.2 contains a local privilege escalation vulnerability caused by incorrect permission assignment on a critical resource: the BIN directory and/or service binary used by the Persits Software EmailAgent service. Because local users have full write permissions to the BIN directory, an attacker can replace the EmailAgent service executable with a malicious binary. When the service is started (or restarted), the malicious replacement executes in the service’s security context, resulting in elevated system-level access.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A local attacker can escalate privileges to elevated/system-level access by replacing the Persits Software EmailAgent service executable and having it executed by the service manager. This can enable full compromise of the host, including arbitrary code execution with high privileges, tampering with system configuration, and access to sensitive data available to the elevated context.

Mitigation

If you can’t patch tonight, do this now.

Restrict/repair filesystem ACLs on the AspEmail BIN directory and the Persits Software EmailAgent service executable to remove write/modify permissions for non-admin users/groups. Monitor for unexpected changes to the service binary (e.g., file integrity monitoring) and for service restarts that could trigger execution of a replaced binary. Limit local access to the host where feasible.

Remediation

Patch, then assume compromise.

Apply vendor-provided updates for AspEmail that correct the insecure permissions. Ensure the Persits Software EmailAgent service executable and its containing BIN directory are owned and ACL’d such that only Administrators/SYSTEM (or an appropriate trusted service account) have write/modify permissions, and unprivileged users do not have write access.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

cvefeed high severityNews

Dec 19, 2025

CVE-2023-53949 - AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability

A local privilege escalation vulnerability in AspEmail 5.6.0.2, where improper permissions on the BIN directory allow local attackers to replace the service executable and gain elevated privileges via the Persits Software EmailAgent service.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3