Common Weakness Enumeration

CWE-426

Allowed-with-Review

Untrusted Search Path

Abstraction: Base · Status: Stable

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

892 vulnerabilities reference this CWE, most recent first.

CVE-2025-15321 (GCVE-0-2025-15321)

Vulnerability from cvelistv5 – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Tanium Tanium Appliance Affected: 1.8.3.0 , < 1.8.3.0196 (custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom)
Affected: 1.8.5.0 , < 1.8.5.0227 (custom)
    cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*
    cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*
    cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2025-08-19 00:00
Credits
Filip Waeytens Frank Lycops Jean-Michel Huguet Jorge Escabias Justin Hocquel from NCIA/NCSC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T17:37:17.139008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T17:37:27.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
            "cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
            "cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
          ],
          "product": "Tanium Appliance",
          "vendor": "Tanium",
          "versions": [
            {
              "lessThan": "1.8.3.0196",
              "status": "affected",
              "version": "1.8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.8.5.0199",
              "status": "affected",
              "version": "1.8.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.8.5.0227",
              "status": "affected",
              "version": "1.8.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Filip Waeytens"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Frank Lycops"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jean-Michel Huguet"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jorge Escabias"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Justin Hocquel from NCIA/NCSC"
        }
      ],
      "dateAssigned": "2025-12-29T23:13:00.595Z",
      "datePublic": "2025-08-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T18:20:39.404Z",
        "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "shortName": "Tanium"
      },
      "references": [
        {
          "name": "TAN-2025-024",
          "url": "https://security.tanium.com/TAN-2025-024"
        }
      ],
      "title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
    "assignerShortName": "Tanium",
    "cveId": "CVE-2025-15321",
    "datePublished": "2026-02-05T18:20:39.404Z",
    "dateReserved": "2025-12-29T23:13:00.749Z",
    "dateUpdated": "2026-02-06T17:37:27.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13491 (GCVE-0-2025-13491)

Vulnerability from cvelistv5 – Published: 2026-02-05 13:55 – Updated: 2026-03-13 23:16
VLAI
Title
IBM App Connect Enterprise Certified Container Information Disclosure
Summary
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7259746 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM App Connect Enterprise Certified Container Affected: 11.2.0 , ≤ 11.6.0 (semver)
Affected: 12.1.0 , ≤ 12.19.0 (semver)
Affected: 12.0.0 , ≤ 12.0.19 (semver)
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:46:00.445395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:46:23.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "App Connect Enterprise Certified Container",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.6.0",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.19.0",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.0.19",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;\u003c/span\u003eCD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u0026nbsp;\u003cspan\u003eand\u0026nbsp;\u003c/span\u003e12.0 LTS: 12.0.0 through 12.0.19\u003cspan\u003e\u0026nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM App Connect Enterprise Certified Container\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u00a0and\u00a012.0 LTS: 12.0.0 through 12.0.19\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-13T23:16:33.682Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259746"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM App Connect Enterprise Certified Container Information Disclosure",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Disable mapping assistance in the DesignerAuthoring component"
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13491",
    "datePublished": "2026-02-05T13:55:21.838Z",
    "dateReserved": "2025-11-20T21:11:07.402Z",
    "dateUpdated": "2026-03-13T23:16:33.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13433 (GCVE-0-2025-13433)

Vulnerability from cvelistv5 – Published: 2025-11-20 00:32 – Updated: 2025-11-20 15:30
VLAI
Title
Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path
Summary
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Muse Group MuseHub Affected: 2.1.0.1567
Create a notification for this product.
Credits
lakshay12311 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-20T15:30:27.823451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-20T15:30:36.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Windows Service"
          ],
          "product": "MuseHub",
          "vendor": "Muse Group",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0.1567"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lakshay12311 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\\Program Files\\WindowsApps\\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T00:32:05.854Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-332977 | Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.332977"
        },
        {
          "name": "VDB-332977 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.332977"
        },
        {
          "name": "Submit #687547 | Muse Group MuseHub  2.1.0.1567 Unquoted Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.687547"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Musehub.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-11-19T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-11-19T18:00:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-13433",
    "datePublished": "2025-11-20T00:32:05.854Z",
    "dateReserved": "2025-11-19T16:52:41.302Z",
    "dateUpdated": "2025-11-20T15:30:36.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12819 (GCVE-0-2025-12819)

Vulnerability from cvelistv5 – Published: 2025-12-03 19:00 – Updated: 2025-12-27 16:04
VLAI
Title
Untrusted search path in auth_query connection in PgBouncer
Summary
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a PgBouncer Affected: 0 , < 1.25.1 (semver)
Credits
Thanks to Jason Tsang of Snowflake Inc. for finding this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T19:11:14.559731Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T19:11:59.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-27T16:04:17.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00033.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PgBouncer",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "track_extra_parameters includes search_path (non-default configuration) AND auth_user is set to a non-empty string (non-default configuration) AND auth_query is configured without fully-qualified object names (default configuration, the \u003c operator is not schema qualified)"
        },
        {
          "lang": "en",
          "value": "track_extra_parameters includes another security sensitive parameter (non-default configuration and extremely unlikely) and auth_user is set to a non-empty string (non-default configuration)"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Jason Tsang of Snowflake Inc. for finding this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T22:38:58.388Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.pgbouncer.org/changelog.html#pgbouncer-125x"
        }
      ],
      "title": "Untrusted search path in auth_query connection in PgBouncer",
      "workarounds": [
        {
          "lang": "en",
          "value": "Remove search_path and any other security sensitive parameters from track_extra_parameters"
        },
        {
          "lang": "en",
          "value": "ensure auth_query uses fully-qualified object and operator names (e.g., pg_catalog.current_user instead of current_user)"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2025-12819",
    "datePublished": "2025-12-03T19:00:09.063Z",
    "dateReserved": "2025-11-06T17:22:32.839Z",
    "dateUpdated": "2025-12-27T16:04:17.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12793 (GCVE-0-2025-12793)

Vulnerability from cvelistv5 – Published: 2026-01-06 02:14 – Updated: 2026-01-06 18:57
VLAI
Summary
An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://www.asus.com/security-advisory vendor-advisory
Impacted products
Vendor Product Version
ASUS ASCI Affected: Before v3.1.49.0
Affected: Before v1.1.37.0
Create a notification for this product.
ASUS ASCI Affected: Before v3.2.50.0
Create a notification for this product.
Credits
Daniel Rhea
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12793",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:20:04.567403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T18:57:12.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.asus.com/security-advisory"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit"
          ],
          "product": "ASCI",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "Before v3.1.49.0"
            },
            {
              "status": "affected",
              "version": "Before v1.1.37.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ARM"
          ],
          "product": "ASCI",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "Before v3.2.50.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daniel Rhea"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\u003cbr\u003eRefer to the \u0027\n\n\u003ca target=\"_blank\" rel=\"nofollow\"\u003eSecurity Update for MyASUS\u003c/a\u003e\u0027 section on the ASUS Security Advisory for more information."
            }
          ],
          "value": "An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution.\nRefer to the \u0027\n\nSecurity Update for MyASUS\u0027 section on the ASUS Security Advisory for more information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T02:14:37.216Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asus.com/security-advisory"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2025-12793",
    "datePublished": "2026-01-06T02:14:37.216Z",
    "dateReserved": "2025-11-06T08:17:47.427Z",
    "dateUpdated": "2026-01-06T18:57:12.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12286 (GCVE-0-2025-12286)

Vulnerability from cvelistv5 – Published: 2025-10-27 14:02 – Updated: 2026-02-24 07:11
VLAI
Title
VeePN AVService avservice.exe unquoted search path
Summary
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a VeePN Affected: 1.6.0
Affected: 1.6.1
Affected: 1.6.2
    cpe:2.3:a:veepn:veepn:*:*:*:*:*:*:*:*
Credits
lakshay12311 (VulDB User) VulDB
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T16:51:22.080466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T16:51:45.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:veepn:veepn:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "AVService"
          ],
          "product": "VeePN",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.6.1"
            },
            {
              "status": "affected",
              "version": "1.6.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lakshay12311 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\\Program Files (x86)\\VeePN\\avservice\\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T07:11:49.249Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-329954 | VeePN AVService avservice.exe unquoted search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.329954"
        },
        {
          "name": "VDB-329954 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.329954"
        },
        {
          "name": "Submit #672512 | VeePN 1.6.2 Unquoted Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.672512"
        },
        {
          "name": "Submit #682569 | VeePN 1.6.2  Unquoted Search Path (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.682569"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/VeePn.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-27T23:42:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "VeePN AVService avservice.exe unquoted search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-12286",
    "datePublished": "2025-10-27T14:02:08.168Z",
    "dateReserved": "2025-10-26T16:23:28.429Z",
    "dateUpdated": "2026-02-24T07:11:49.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12247 (GCVE-0-2025-12247)

Vulnerability from cvelistv5 – Published: 2025-10-27 08:02 – Updated: 2025-10-27 17:17
VLAI
Title
Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path
Summary
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Hasleo Backup Suite Affected: 5.0
Affected: 5.1
Affected: 5.2
Create a notification for this product.
Credits
lakshay12311 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12247",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-27T17:15:29.471103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-27T17:17:57.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HasleoImageMountService/HasleoBackupSuiteService"
          ],
          "product": "Backup Suite",
          "vendor": "Hasleo",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lakshay12311 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised."
        },
        {
          "lang": "de",
          "value": "In Hasleo Backup Suite up to 5.2 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HasleoImageMountService/HasleoBackupSuiteService. Durch Manipulieren mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie gilt als schwierig ausnutzbar. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Upgrade der betroffenen Komponente wird empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-27T08:02:06.216Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-329918 | Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.329918"
        },
        {
          "name": "VDB-329918 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.329918"
        },
        {
          "name": "Submit #672549 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.672549"
        },
        {
          "name": "Submit #672548 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.672548"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-26T06:23:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-12247",
    "datePublished": "2025-10-27T08:02:06.216Z",
    "dateReserved": "2025-10-26T05:18:20.122Z",
    "dateUpdated": "2025-10-27T17:17:57.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11940 (GCVE-0-2025-11940)

Vulnerability from cvelistv5 – Published: 2025-10-19 08:32 – Updated: 2025-10-20 16:22
VLAI
Title
LibreWolf Installer setup.nsi uncontrolled search path
Summary
A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a LibreWolf Affected: 143.0.4-1
Unaffected: 144.0-1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11940",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T16:22:43.208000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-20T16:22:57.075Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.671575"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Cyber-Wo0dy/report/blob/main/librewolf/143.0.4-1/librewolf_installer_exe_hijacking.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Installer"
          ],
          "product": "LibreWolf",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "143.0.4-1"
            },
            {
              "status": "unaffected",
              "version": "144.0-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "In LibreWolf up to 143.0.4-1 auf Windows ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Funktion der Datei assets/setup.nsi der Komponente Installer. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Durch ein Upgrade auf Version 144.0-1 kann dieses Problem behoben werden. Die Bezeichnung des Patches lautet dd10e31dd873e9cb309fad8aed921d45bf905a55. Die Aktualisierung der betroffenen Komponente wird empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-19T08:32:06.681Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-329019 | LibreWolf Installer setup.nsi uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.329019"
        },
        {
          "name": "VDB-329019 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.329019"
        },
        {
          "name": "Submit #671575 | LibreWolf Librewolf installer 143.0.4-1 EXE Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.671575"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/Cyber-Wo0dy/report/blob/main/librewolf/143.0.4-1/librewolf_installer_exe_hijacking.md"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://codeberg.org/librewolf/bsys6/commit/dd10e31dd873e9cb309fad8aed921d45bf905a55"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://codeberg.org/librewolf/bsys6/releases/tag/144.0-1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-18T15:06:08.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LibreWolf Installer setup.nsi uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11940",
    "datePublished": "2025-10-19T08:32:06.681Z",
    "dateReserved": "2025-10-18T13:00:52.267Z",
    "dateUpdated": "2025-10-20T16:22:57.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9267 (GCVE-0-2025-9267)

Vulnerability from cvelistv5 – Published: 2025-09-26 12:27 – Updated: 2025-09-29 14:37
VLAI
Summary
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-427 - Uncontrolled Search Path Element
  • CWE-426 - Untrusted Search Path
Assigner
Impacted products
Vendor Product Version
Seagate Toolkit Affected: 0 , < 2.35.0.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9267",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T12:54:52.245929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T12:54:57.812Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-09-29T14:37:53.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/Tiger3080/CVE-2025-9267"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Toolkit",
          "vendor": "Seagate",
          "versions": [
            {
              "lessThan": "2.35.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eIn Seagate Toolkit on Windows a\u0026nbsp;vulnerability exists in the Toolkit Installer prior to\u0026nbsp;versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.\n\n\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Seagate Toolkit on Windows a\u00a0vulnerability exists in the Toolkit Installer prior to\u00a0versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-471",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-471 Search Order Hijacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T12:27:51.651Z",
        "orgId": "c6156efd-4bd0-48d7-8520-680200527478",
        "shortName": "Seagate"
      },
      "references": [
        {
          "url": "https://www.seagate.com/product-security/#security-advisories"
        },
        {
          "url": "https://www.seagate.com/support/software/toolkit/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478",
    "assignerShortName": "Seagate",
    "cveId": "CVE-2025-9267",
    "datePublished": "2025-09-26T12:27:51.651Z",
    "dateReserved": "2025-08-20T14:44:11.379Z",
    "dateUpdated": "2025-09-29T14:37:53.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9016 (GCVE-0-2025-9016)

Vulnerability from cvelistv5 – Published: 2025-08-15 06:32 – Updated: 2025-08-15 12:13
VLAI
Title
Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path
Summary
A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Mechrevo Control Center GX V2 Affected: 5.56.51.48
Create a notification for this product.
Credits
pipapupa (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9016",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-15T12:13:52.036258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-15T12:13:55.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.624900"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Powershell Script Handler"
          ],
          "product": "Control Center GX V2",
          "vendor": "Mechrevo",
          "versions": [
            {
              "status": "affected",
              "version": "5.56.51.48"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pipapupa (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\\Program Files\\OEM\\\u673a\u68b0\u9769\u547d\u63a7\u5236\u4e2d\u5fc3\\AiStoneService\\MyControlCenter\\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es geht dabei um eine nicht klar definierte Funktion der Datei C:\\Program Files\\OEM\\\u673a\u68b0\u9769\u547d\u63a7\u5236\u4e2d\u5fc3\\AiStoneService\\MyControlCenter\\Command der Komponente Powershell Script Handler. Dank der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T06:32:05.308Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320067 | Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.320067"
        },
        {
          "name": "VDB-320067 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320067"
        },
        {
          "name": "Submit #624900 | Mechrevo Control Center GX V2 5.56.51.48 Elevation Of Privilege",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.624900"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.proton.me/urls/7QYSEW6734#H3N4fQ3mw6gX"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-13T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-13T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-13T23:52:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9016",
    "datePublished": "2025-08-15T06:32:05.308Z",
    "dateReserved": "2025-08-13T21:46:52.819Z",
    "dateUpdated": "2025-08-15T12:13:55.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Mitigation
Implementation

When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.

Mitigation
Implementation

Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Mitigation
Implementation

Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.

Mitigation
Implementation

Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.