VU#335798: SyStrack LsiAgent.e... Note

VU#335798: SyStrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc

Lakeside Software offers a product called SysTrack, an IT digital employee experience platform, which includes an executable called LsiAgent.exe. LsiAgent.exe loads various Dynamic Link Library (DLL) files when run, but it does not properly check the files or their locations. This vulnerability allows an attacker to place a malicious DLL file within a known System PATH variable on the victim device. When LsiAgent.exe runs, it will load the malicious code, resulting in code execution and privilege escalation. LsiAgent.exe runs within the NT AUTHORITY\SYSTEM context, making the impact more severe. The vulnerability, tracked as CVE-2025-6241, can be exploited by placing a malicious DLL file within a System PATH environment variable or by bundling the LsiAgent.exe program with a malicious DLL. A patch has been provided by Lakeside Software to fix the affected LsiAgent.exe program. The vulnerable version, 10.05.0027, has been fixed in versions 10.10.0.42 and higher of LsiAgent.exe. The release notes of the fixed version are available on the Lakeside Software website. Thanks to the reporter Owen Sortwell and contributors Adam Merrill and Brian Healy of Sandia National Laboratories for discovering and reporting the vulnerability.