12 August 2025
Claudio Contin
Local Privilege Escalation Vulnerability in Thermo Scientific™ Xcalibur™ and Foundation software
On January 22, 2025, Thermo Fisher released a security bulletin together with a patch, following Tier Zero Security's responsible disclosure of the issue.
While reviewing the newly patched version, Tier Zero Security found that the software was now installed to a different location: C:\Xcalibur\system\programs (previously C:\Program Files (x86)\Thermo\Foundation\).
When inspecting the permissions on the service executables and DLLs, Tier Zero Security noted that Authenticated Users still had full write access to these files, indicating that the underlying issue had not been addressed. On February 8, 2025, Tier Zero Security reported this to Thermo Fisher.
On June 17, 2025, Thermo Fisher updated the original security bulletin for the vulnerability, instructing customers to contact their technical support team to have a script run that fixes the permissions on the affected files.
An official patched version of the software is not yet available at the time of writing.
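The condition described above (service binaries and the DLLs beside them writable by Authenticated Users) is something an administrator can check for, and correct, without waiting for a vendor script. The following PowerShell is an added example written for this post; it is not Thermo Fisher's remediation script nor Tier Zero Security's code. It enumerates every installed service, resolves the binary path from the service's ImagePath, and reports any Allow ACE that grants write-class rights to Authenticated Users, Users or Everyone on the executable or on any DLL in its directory. The optional `Repair-FileAcl` function resets a file to an explicit owner-only-writable ACL using icacls; the principals, rights and the SYSTEM/Administrators layout it applies are assumptions for a typical host, not values taken from the bulletin.

```powershell
# Added example: audit Windows service binaries and sibling DLLs for write access
# granted to broad principals. Run from an elevated PowerShell session.

# Principals that should never hold write rights on a service binary (assumed set).
$script:WeakPrincipals = @(
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-1-0'        # Everyone
)

# Any of these rights lets a low-privileged user replace or alter the file.
$script:WriteRights = [System.Security.AccessControl.FileSystemRights] `
    'Write, Modify, FullControl, WriteData, AppendData, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath {
    param([Parameter(Mandatory)][string]$PathName)
    # ImagePath may be quoted and carry arguments: "C:\dir\svc.exe" -arg  ->  C:\dir\svc.exe
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

function Test-WeakAcl {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }  # orphaned or untranslatable identity: skip
        # -band on the enum works numerically, so generic-rights ACEs are covered too.
        if ($script:WeakPrincipals -contains $sid -and
            ([int]$ace.FileSystemRights -band [int]$script:WriteRights)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Find-WritableServiceFiles {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        Test-WeakAcl $exe
        # DLLs in the service directory are loaded with the service's privileges.
        Get-ChildItem -LiteralPath (Split-Path -Parent $exe) -Filter '*.dll' -File `
            -ErrorAction SilentlyContinue | ForEach-Object { Test-WeakAcl $_.FullName }
    }
}

function Repair-FileAcl {
    # Replaces the file's ACL with an explicit, non-inherited one (assumed layout):
    # SYSTEM and Administrators full control, Authenticated Users read+execute only.
    param([Parameter(Mandatory)][string]$Path, [switch]$WhatIf)
    $args = @('/inheritance:r', '/grant:r',
              'NT AUTHORITY\SYSTEM:(F)', 'BUILTIN\Administrators:(F)',
              'NT AUTHORITY\Authenticated Users:(RX)')
    if ($WhatIf) { Write-Host "icacls `"$Path`" $($args -join ' ')"; return }
    & icacls.exe $Path @args | Out-Null
}

# Usage: list findings, then (after review) reset the ACL on each affected file.
$findings = Find-WritableServiceFiles | Sort-Object Path -Unique
$findings | Format-Table -AutoSize
# $findings | ForEach-Object { Repair-FileAcl -Path $_.Path -WhatIf }
```

Inherited ACEs show up with `Inherited = True`; for those, resetting the file alone is not enough, since the parent directory's ACL is the source, so the directory (here the install root) is the place to fix. Re-run the audit after any vendor-provided remediation to confirm that both the executables and the DLLs next to them no longer grant write access to Authenticated Users.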