Common Weakness Enumeration

CWE-426

Allowed-with-Review

Untrusted Search Path

Abstraction: Base · Status: Stable

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

892 vulnerabilities reference this CWE, most recent first.

CVE-2025-4532 (GCVE-0-2025-4532)

Vulnerability from cvelistv5 – Published: 2025-05-11 06:00 – Updated: 2025-05-12 13:45
VLAI
Title
Shanghai Bairui Information Technology SunloginClient sunlogin_guard.exe uncontrolled search path
Summary
A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
Ba1_Ma0 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4532",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T13:45:03.001317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T13:45:39.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SunloginClient",
          "vendor": "Shanghai Bairui Information Technology",
          "versions": [
            {
              "status": "affected",
              "version": "15.8.3.19819"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ba1_Ma0 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion in der Bibliothek process.dll der Datei sunlogin_guard.exe. Mit der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-11T06:00:10.356Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308277 | Shanghai Bairui Information Technology SunloginClient sunlogin_guard.exe uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.308277"
        },
        {
          "name": "VDB-308277 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308277"
        },
        {
          "name": "Submit #566141 | Shanghai Bairui Information Technology Co., Ltd SunloginClient 15.8.3.19819 privilege escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.566141"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/ey9gzmpiqfltiici?singleDoc"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-10T07:51:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Shanghai Bairui Information Technology SunloginClient sunlogin_guard.exe uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4532",
    "datePublished": "2025-05-11T06:00:10.356Z",
    "dateReserved": "2025-05-10T05:46:04.874Z",
    "dateUpdated": "2025-05-12T13:45:39.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4525 (GCVE-0-2025-4525)

Vulnerability from cvelistv5 – Published: 2025-05-10 22:31 – Updated: 2025-05-12 14:39
VLAI
Title
Discord WINSTA.dll uncontrolled search path
Summary
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Discord Affected: 1.0.9188
Credits
shellkraft (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4525",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T14:39:07.558654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:39:10.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Discord",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.9188"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "shellkraft (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Discord 1.0.9188 f\u00fcr Windows entdeckt. Davon betroffen ist unbekannter Code in der Bibliothek WINSTA.dll. Mittels Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-10T22:31:05.153Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308270 | Discord WINSTA.dll uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.308270"
        },
        {
          "name": "VDB-308270 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308270"
        },
        {
          "name": "Submit #562788 | Discord 1.0.9188 Uncontrolled Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.562788"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-10T07:28:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Discord WINSTA.dll uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4525",
    "datePublished": "2025-05-10T22:31:05.153Z",
    "dateReserved": "2025-05-10T05:23:23.132Z",
    "dateUpdated": "2025-05-12T14:39:10.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4455 (GCVE-0-2025-4455)

Vulnerability from cvelistv5 – Published: 2025-05-09 02:31 – Updated: 2025-05-09 03:33
VLAI
Title
Patch My PC Home Updater System.IO uncontrolled search path
Summary
A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Patch My PC Home Updater Affected: 5.1.0
Affected: 5.1.1
Affected: 5.1.2
Affected: 5.1.3.0
Create a notification for this product.
Credits
shellkraft (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4455",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-09T03:33:20.223418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-09T03:33:59.816Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Home Updater",
          "vendor": "Patch My PC",
          "versions": [
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.1.1"
            },
            {
              "status": "affected",
              "version": "5.1.2"
            },
            {
              "status": "affected",
              "version": "5.1.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "shellkraft (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Patch My PC Home Updater bis 5.1.3.0 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion in der Bibliothek advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. Durch die Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-09T02:31:04.290Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308069 | Patch My PC Home Updater System.IO uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.308069"
        },
        {
          "name": "VDB-308069 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308069"
        },
        {
          "name": "Submit #562440 | Patch My Pc  Patch My PC Home Updater \u003c=5.1.3.0 Uncontrolled Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.562440"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/shellkraft/d7db265b53115d52a4ca5bffe5e9c6e4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-08T20:57:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Patch My PC Home Updater System.IO uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4455",
    "datePublished": "2025-05-09T02:31:04.290Z",
    "dateReserved": "2025-05-08T18:51:56.627Z",
    "dateUpdated": "2025-05-09T03:33:59.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4272 (GCVE-0-2025-4272)

Vulnerability from cvelistv5 – Published: 2025-05-05 11:00 – Updated: 2025-05-05 12:32
VLAI
Title
Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path
Summary
A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Mechrevo Control Console Affected: 1.0.2.70
Create a notification for this product.
Credits
Ba1_Ma0 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4272",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-05T12:32:38.631177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T12:32:51.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "GCUService"
          ],
          "product": "Control Console",
          "vendor": "Mechrevo",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.2.70"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ba1_Ma0 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\\Program Files\\OEM\\MECHREVO Control Center\\UniwillService\\MyControlCenter\\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Mechrevo Control Console 1.0.2.70 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion in der Bibliothek C:\\Program Files\\OEM\\MECHREVO Control Center\\UniwillService\\MyControlCenter\\csCAPI.dll der Komponente GCUService. Durch die Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-05T11:00:07.406Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-307376 | Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.307376"
        },
        {
          "name": "VDB-307376 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.307376"
        },
        {
          "name": "Submit #563468 | MECHREVO Control Console 1.0.2.70  Elevation Of Privilege",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.563468"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/bhd5ckqugggmpttp?singleDoc"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1VKhLyW0oglACkt-5PgTtN9oRB2jMczeh/view?usp=sharing"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-05T12:56:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4272",
    "datePublished": "2025-05-05T11:00:07.406Z",
    "dateReserved": "2025-05-04T18:28:23.181Z",
    "dateUpdated": "2025-05-05T12:32:51.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2501 (GCVE-0-2025-2501)

Vulnerability from cvelistv5 – Published: 2025-05-30 19:14 – Updated: 2026-02-26 18:27
VLAI
Summary
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Lenovo PC Manager Affected: 0 , < 5.1.110.5082 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T03:55:13.342417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:27:50.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PC Manager",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.1.110.5082",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.1.110.5082",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.\u003c/span\u003e"
            }
          ],
          "value": "An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T19:14:14.040Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://iknow.lenovo.com.cn/detail/428586"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate PC Manager to version 5.1.110.5082 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update PC Manager to version 5.1.110.5082 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2025-2501",
    "datePublished": "2025-05-30T19:14:14.040Z",
    "dateReserved": "2025-03-18T14:58:48.759Z",
    "dateUpdated": "2026-02-26T18:27:50.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1804 (GCVE-0-2025-1804)

Vulnerability from cvelistv5 – Published: 2025-03-01 18:31 – Updated: 2025-03-07 19:52
VLAI
Title
Blizzard Battle.Net profapi.dll uncontrolled search path
Summary
A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.298040 vdb-entrytechnical-description
https://vuldb.com/?ctiid.298040 signaturepermissions-required
https://vuldb.com/?submit.485034 third-party-advisory
Impacted products
Vendor Product Version
Blizzard Battle.Net Affected: 2.39.0.15212
Create a notification for this product.
Credits
Fergod (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1804",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T17:16:33.571072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T20:34:06.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Battle.Net",
          "vendor": "Blizzard",
          "versions": [
            {
              "status": "affected",
              "version": "2.39.0.15212"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Fergod (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Blizzard Battle.Net bis 2.39.0.15212 f\u00fcr Windows gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code in der Bibliothek profapi.dll. Mittels Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T19:52:42.595Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-298040 | Blizzard Battle.Net profapi.dll uncontrolled search path",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.298040"
        },
        {
          "name": "VDB-298040 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.298040"
        },
        {
          "name": "Submit #485034 | Blizzard Battle.net 2.39.0.15212 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.485034"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-07T20:57:38.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Blizzard Battle.Net profapi.dll uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-1804",
    "datePublished": "2025-03-01T18:31:04.185Z",
    "dateReserved": "2025-03-01T00:12:16.028Z",
    "dateUpdated": "2025-03-07T19:52:42.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1756 (GCVE-0-2025-1756)

Vulnerability from cvelistv5 – Published: 2025-02-27 15:28 – Updated: 2025-02-27 16:06
VLAI
Title
MongoDB Shell may be susceptible to local privilege escalation in Windows
Summary
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MongoDB Inc mongosh Affected: 0 , < 2.3.0 (custom)
    cpe:2.3:a:mongodb:mongosh:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:0.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.90:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.91:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:1.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongosh:2.2.15:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2025-02-27 13:15
Credits
T. Doğa Gelişli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T16:02:07.276063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T16:06:31.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2025:1756"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongosh:0.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.10.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.12.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.13.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.14.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.15.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.15.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:0.15.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.90:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.91:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:1.10.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongosh:2.2.15:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "mongosh",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "2.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOnly environments with Windows as the underlying operating system is affected by this issue\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Only environments with Windows as the underlying operating system is affected by this issue"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "T. Do\u011fa Geli\u015fli"
        }
      ],
      "datePublic": "2025-02-27T13:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003emongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user\u0027s system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0\u003c/p\u003e"
            }
          ],
          "value": "mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user\u0027s system with elevated privilege, when a crafted file is stored in C:\\node_modules\\. This issue affects mongosh prior to 2.3.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T15:28:11.633Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/MONGOSH-2028"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB Shell may be susceptible to local privilege escalation in Windows",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-1756",
    "datePublished": "2025-02-27T15:28:11.633Z",
    "dateReserved": "2025-02-27T13:02:02.998Z",
    "dateUpdated": "2025-02-27T16:06:31.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1755 (GCVE-0-2025-1755)

Vulnerability from cvelistv5 – Published: 2025-02-27 15:24 – Updated: 2025-02-27 16:07
VLAI
Title
MongoDB Compass may be susceptible to local privilege escalation in Windows
Summary
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MongoDB Inc MongoDB Compass Affected: 0 , < 1.42.1 (custom)
    cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2025-02-27 13:08
Credits
T. Doğa Gelişli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T16:07:15.336525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T16:07:45.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2025:1755.html"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:compass:1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.23:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.24.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.25.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.26.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.26.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.28.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.28.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.29.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.29.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.29.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.30.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.31.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.31.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.31.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.31.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.32.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.32.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.32.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.32.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.33.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.33.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.34.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.34.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.41.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Compass",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "1.42.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eOnly environments with Windows as the underlying operating system is affected by this issue\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "Only environments with Windows as the underlying operating system is affected by this issue"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "T. Do\u011fa Geli\u015fli"
        }
      ],
      "datePublic": "2025-02-27T13:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user\u0027s system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1\u003c/p\u003e"
            }
          ],
          "value": "MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user\u0027s system with elevated privileges, when a crafted file is stored in C:\\node_modules\\. This issue affects MongoDB Compass prior to 1.42.1"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T15:24:07.174Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/COMPASS-9058"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB Compass may be susceptible to local privilege escalation in Windows",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-1755",
    "datePublished": "2025-02-27T15:24:07.174Z",
    "dateReserved": "2025-02-27T13:02:01.480Z",
    "dateUpdated": "2025-02-27T16:07:45.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1398 (GCVE-0-2025-1398)

Vulnerability from cvelistv5 – Published: 2025-03-17 14:19 – Updated: 2025-03-31 15:38
VLAI
Title
macOS TCC Bypass via Code Injection
Summary
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 0 , ≤ 5.10.0 (semver)
Unaffected: 5.11.0
Create a notification for this product.
Credits
nullevent
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T18:36:20.530898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T18:38:37.183Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "5.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.11.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "nullevent"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost Desktop App versions \u0026lt;=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost Desktop App versions \u003c=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T15:38:58.774Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost Desktop App to versions 5.11.0 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost Desktop App to versions 5.11.0 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2024-00403",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61724"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "macOS TCC Bypass via Code Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-1398",
    "datePublished": "2025-03-17T14:19:51.718Z",
    "dateReserved": "2025-02-17T15:58:13.659Z",
    "dateUpdated": "2025-03-31T15:38:58.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1353 (GCVE-0-2025-1353)

Vulnerability from cvelistv5 – Published: 2025-02-16 15:00 – Updated: 2025-02-26 01:20 Disputed
VLAI
Title
Kong Insomnia profapi.dll untrusted search path
Summary
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.295961 vdb-entrytechnical-description
https://vuldb.com/?ctiid.295961 signaturepermissions-required
https://vuldb.com/?submit.496010 third-party-advisory
Impacted products
Vendor Product Version
Kong Insomnia Affected: 10.0
Affected: 10.1
Affected: 10.2
Affected: 10.3
Create a notification for this product.
Credits
Fergod (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T14:08:24.965656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T14:08:31.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Insomnia",
          "vendor": "Kong",
          "versions": [
            {
              "status": "affected",
              "version": "10.0"
            },
            {
              "status": "affected",
              "version": "10.1"
            },
            {
              "status": "affected",
              "version": "10.2"
            },
            {
              "status": "affected",
              "version": "10.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Fergod (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Kong Insomnia bis 10.3.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion in der Bibliothek profapi.dll. Mittels Manipulieren mit unbekannten Daten kann eine untrusted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T01:20:10.591Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-295961 | Kong Insomnia profapi.dll untrusted search path",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.295961"
        },
        {
          "name": "VDB-295961 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.295961"
        },
        {
          "name": "Submit #496010 | Kong Insomnia 10.3.0 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.496010"
        }
      ],
      "tags": [
        "disputed"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-02-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-02-26T02:25:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Kong Insomnia profapi.dll untrusted search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-1353",
    "datePublished": "2025-02-16T15:00:12.621Z",
    "dateReserved": "2025-02-15T15:19:23.040Z",
    "dateUpdated": "2025-02-26T01:20:10.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Mitigation
Implementation

When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.

Mitigation
Implementation

Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Mitigation
Implementation

Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.

Mitigation
Implementation

Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.