CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
892 vulnerabilities reference this CWE, most recent first.
CVE-2025-49124 (GCVE-0-2025-49124)
Vulnerability from cvelistv5 – Published: 2025-06-16 14:22 – Updated: 2025-10-29 14:25- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.7
(semver)
Affected: 10.1.0 , ≤ 10.1.41 (semver) Affected: 9.0.23 , ≤ 9.0.105 (semver) Affected: 8.5.44 , ≤ 8.5.100 (semver) Affected: 7.0.95 , ≤ 7.0.109 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-16T20:03:24.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/16/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-49124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:03:41.847617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:25:42.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.7",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.41",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.105",
"status": "affected",
"version": "9.0.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.109",
"status": "affected",
"version": "7.0.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T. Do\u011fa Geli\u015fli https://linkedin.com/in/tdogagelisli/"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUntrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109.\u0026nbsp;Other EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e"
}
],
"value": "Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:44:28.762Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-49124",
"datePublished": "2025-06-16T14:22:16.288Z",
"dateReserved": "2025-06-02T08:34:46.719Z",
"dateUpdated": "2025-10-29T14:25:42.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43079 (GCVE-0-2025-43079)
Vulnerability from cvelistv5 – Published: 2025-11-10 17:10 – Updated: 2026-03-18 17:10- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| Qualys Inc | Qualys Agent |
Affected:
5.0 , < 7.2.3
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
3.12 , < 7.1.0
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
4.17 , < 6.0.0
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 6.2.1
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 6.3.1
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 3.31.1-8
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 3.21.1-6
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 4.2.6
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 5.0.3
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 5.0.2
(custom)
|
|
| Qualys Inc | Qualys Agent |
Affected:
0 , < 6.0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-11T04:55:38.944965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:03.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "7.2.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"BSD"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "7.1.0",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"IBM AIX"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "4.17",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"x86",
"64 bit"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "6.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS (M Series Silicon CPU)"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "6.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"zLinux"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "3.31.1-8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PPC"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "3.21.1-6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"CoreOS"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "4.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Bottlerocket Intel"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"GoogleCOS"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Bottlerocket",
"ARM"
],
"product": "Qualys Agent",
"vendor": "Qualys Inc",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eLocal access to the system (the attacker must be local).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eAbility to run sudo or root (the uninstall script requires sudo at minimum for execution or must be run as root).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eAbility to modify $PATH (temporarily in the shell session used to launch the uninstall script, or persistently via writable shell configuration files such as ~/.bashrc, ~/.zshrc).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eExecution of qagent_uninstall.sh within the compromised environment where $PATH points to attacker-controlled locations.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eBecause exploitation requires the ability to run sudo (or be root), the vulnerability is not remotely exploitable by default \u2014 it relies on local privilege and environment manipulation, but the consequences are elevated (execution under high privilege). \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Local access to the system (the attacker must be local).\n\n\n * Ability to run sudo or root (the uninstall script requires sudo at minimum for execution or must be run as root).\n\n\n * Ability to modify $PATH (temporarily in the shell session used to launch the uninstall script, or persistently via writable shell configuration files such as ~/.bashrc, ~/.zshrc).\n\n\n * Execution of qagent_uninstall.sh within the compromised environment where $PATH points to attacker-controlled locations.\n\n\n\n\n\n\nBecause exploitation requires the ability to run sudo (or be root), the vulnerability is not remotely exploitable by default \u2014 it relies on local privilege and environment manipulation, but the consequences are elevated (execution under high privilege)."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:linux:*:*:*:*:*",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:bsd:*:*:*:*:*",
"versionEndExcluding": "7.1.0",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:ibm_aix:*:*:*:*:*",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:macos:*:*:*:*:*",
"versionEndExcluding": "6.2.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:x86:*:*:*:*:*",
"versionEndExcluding": "6.2.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:64_bit:*:*:*:*:*",
"versionEndExcluding": "6.2.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:macos_m_series_silicon_cpu_:*:*:*:*:*",
"versionEndExcluding": "6.3.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:zlinux:*:*:*:*:*",
"versionEndExcluding": "3.31.1-8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:ppc:*:*:*:*:*",
"versionEndExcluding": "3.21.1-6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:coreos:*:*:*:*:*",
"versionEndExcluding": "4.2.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:bottlerocket_intel:*:*:*:*:*",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:googlecos:*:*:*:*:*",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:bottlerocket:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qualys_inc:qualys_agent:*:*:arm:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brent Zaltsman (AfricanHipp0)"
}
],
"datePublic": "2025-11-10T16:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eThe Qualys Cloud Agent included a bundled uninstall script (\u003c/span\u003e\u003cspan\u003eqagent_uninstall.sh\u003c/span\u003e\u003cspan\u003e), specific to Mac and Linux supported versions that invoked multiple system commands \u003c/span\u003e\u003cspan\u003ewithout using absolute paths and without sanitizing the \u003c/span\u003e\u003cspan\u003e$PATH\u003c/span\u003e\u003cspan\u003e environment\u003c/span\u003e\u003cspan\u003e. If the uninstall script is executed with elevated privileges (e.g., via \u003c/span\u003e\u003cspan\u003esudo\u003c/span\u003e\u003cspan\u003e) in an environment where \u003c/span\u003e\u003cspan\u003e$PATH\u003c/span\u003e\u003cspan\u003e has been manipulated, an attacker with \u003c/span\u003e\u003cspan\u003eroot\u003c/span\u003e\u003cspan\u003e/\u003c/span\u003e\u003cspan\u003esudo\u003c/span\u003e\u003cspan\u003e privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T17:10:59.799Z",
"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda",
"shortName": "Qualys"
},
"references": [
{
"url": "https://www.qualys.com/security-advisories/cve-2025-43079"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are advised to update to non-affected versions of Qualys product\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Customers are advised to update to non-affected versions of Qualys product."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers are advised to check workaround solutions listed on\u0026nbsp;\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.qualys.com/security-advisories/cve-2025-43079\"\u003ehttps://www.qualys.com/security-advisories/cve-2025-43079\u003c/a\u003e"
}
],
"value": "Customers are advised to check workaround solutions listed on\u00a0\n\n https://www.qualys.com/security-advisories/cve-2025-43079"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda",
"assignerShortName": "Qualys",
"cveId": "CVE-2025-43079",
"datePublished": "2025-11-10T17:10:31.066Z",
"dateReserved": "2025-04-16T14:43:29.660Z",
"dateUpdated": "2026-03-18T17:10:59.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40945 (GCVE-0-2025-40945)
Vulnerability from cvelistv5 – Published: 2026-07-14 09:19 – Updated: 2026-07-14 12:16- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | COMOS V10.4.5 |
Affected:
0 , < V10.4.5.0.2
(custom)
|
|
| Siemens | COMOS V10.6 |
Affected:
0 , < V10.6.1
(custom)
|
|
| Siemens | Designcenter NX |
Affected:
0 , < V2512.7000
(custom)
|
|
| Siemens | Simcenter 3D |
Affected:
0 , < V2512.7000
(custom)
|
|
| Siemens | Simcenter Femap V2506 |
Affected:
0 , < V2506.0003
(custom)
|
|
| Siemens | Simcenter Femap V2512 |
Affected:
0 , < V2512.0002
(custom)
|
|
| Siemens | Simcenter Nastran |
Affected:
0 , < V2606
(custom)
|
|
| Siemens | Simcenter STAR-CCM+ |
Affected:
0 , < V2606
(custom)
|
|
| Siemens | Solid Edge SE2025 |
Affected:
0 , < V225.0 Update 13
(custom)
|
|
| Siemens | Solid Edge SE2026 |
Affected:
0 , < V226.0 Update 04
(custom)
|
|
| Siemens | Teamcenter Visualization V2412 |
Affected:
0 , < V2412.0012
(custom)
|
|
| Siemens | Teamcenter Visualization V2506 |
Affected:
0 , < V2506.0009
(custom)
|
|
| Siemens | Teamcenter Visualization V2512 |
Affected:
0 , < V2512.2605
(custom)
|
|
| Siemens | Tecnomatix Plant Simulation V2404 |
Affected:
0 , < V2404.0022
(custom)
|
|
| Siemens | Tecnomatix Plant Simulation V2504 |
Affected:
0 , < V2504.0010
(custom)
|
|
| Siemens | Tecnomatix Process Simulate |
Affected:
0 , < V2606
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:16:50.783446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:16:59.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "COMOS V10.4.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.4.5.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "COMOS V10.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Designcenter NX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.7000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter 3D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.7000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter Femap V2506",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter Femap V2512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.0002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter Nastran",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2606",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter STAR-CCM+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2606",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2025",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V225.0 Update 13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2026",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V226.0 Update 04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2412",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2412.0012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2506",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506.0009",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Teamcenter Visualization V2512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.2605",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2404",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2404.0022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation V2504",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2504.0010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Process Simulate",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2606",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in COMOS V10.4.5 (All versions \u003c V10.4.5.0.2), COMOS V10.6 (All versions \u003c V10.6.1), Designcenter NX (All versions \u003c V2512.7000), Simcenter 3D (All versions \u003c V2512.7000), Simcenter Femap V2506 (All versions \u003c V2506.0003), Simcenter Femap V2512 (All versions \u003c V2512.0002), Simcenter Nastran (All versions \u003c V2606), Simcenter STAR-CCM+ (All versions \u003c V2606), Solid Edge SE2025 (All versions \u003c V225.0 Update 13), Solid Edge SE2026 (All versions \u003c V226.0 Update 04), Teamcenter Visualization V2412 (All versions \u003c V2412.0012), Teamcenter Visualization V2506 (All versions \u003c V2506.0009), Teamcenter Visualization V2512 (All versions \u003c V2512.2605), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0022), Tecnomatix Plant Simulation V2504 (All versions \u003c V2504.0010), Tecnomatix Process Simulate (All versions \u003c V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T09:19:08.857Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-288252.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40945",
"datePublished": "2026-07-14T09:19:08.857Z",
"dateReserved": "2025-04-16T09:06:15.879Z",
"dateUpdated": "2026-07-14T12:16:59.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40909 (GCVE-0-2025-40909)
Vulnerability from cvelistv5 – Published: 2025-05-30 12:20 – Updated: 2026-04-18 14:15{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-18T14:15:40.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/30/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/02/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/02/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/02/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/02/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/03/1"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/55"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/54"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00018.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-40909",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:05:00.839656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:09:50.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "perl",
"product": "perl",
"programRoutines": [
{
"name": "threads"
}
],
"repo": "https://github.com/perl/perl5",
"vendor": "perl",
"versions": [
{
"lessThan": "5.41.13",
"status": "affected",
"version": "5.13.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent Lefevre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Perl threads have a working directory race condition where file operations may target unintended paths.\u003cbr\u003e\u003cbr\u003eIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u0026nbsp;that handle for the new thread, which is visible from any third (or\u0026nbsp;more) thread already running. \u003cbr\u003e\u003cbr\u003eThis may lead to unintended operations\u0026nbsp;such as loading code or accessing files from unexpected locations,\u0026nbsp;which a local attacker may be able to exploit.\u003cbr\u003e\u003cbr\u003eThe bug was introduced in commit\u0026nbsp;11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
}
],
"value": "Perl threads have a working directory race condition where file operations may target unintended paths.\n\nIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u00a0that handle for the new thread, which is visible from any third (or\u00a0more) thread already running. \n\nThis may lead to unintended operations\u00a0such as loading code or accessing files from unexpected locations,\u00a0which a local attacker may be able to exploit.\n\nThe bug was introduced in commit\u00a011a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-689",
"description": "CWE-689 Permission Race Condition During Resource Copy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T13:24:00.827Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch"
},
{
"tags": [
"mailing-list",
"exploit"
],
"url": "https://www.openwall.com/lists/oss-security/2025/05/22/2"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Perl/perl5/issues/23010"
},
{
"tags": [
"related"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226"
},
{
"tags": [
"related"
],
"url": "https://github.com/Perl/perl5/issues/10387"
},
{
"tags": [
"related"
],
"url": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads"
},
{
"tags": [
"related"
],
"url": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update perl to an unaffected version, or apply the patch provided in the references section."
}
],
"value": "Update perl to an unaffected version, or apply the patch provided in the references section."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Perl threads have a working directory race condition where file operations may target unintended paths",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-40909",
"datePublished": "2025-05-30T12:20:11.237Z",
"dateReserved": "2025-04-16T09:05:34.360Z",
"dateUpdated": "2026-04-18T14:15:40.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-39666 (GCVE-0-2025-39666)
Vulnerability from cvelistv5 – Published: 2026-04-07 12:09 – Updated: 2026-04-07 13:18| URL | Tags |
|---|---|
| https://checkmk.com/werk/18891 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Checkmk GmbH | Checkmk |
Affected:
2.2.0
(semver)
Affected: 2.3.0 , < 2.3.0p46 (semver) Affected: 2.4.0 , < 2.4.0p25 (semver) Affected: 2.5.0b1 , < 2.5.0b3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:18:12.687066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:18:19.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.3.0p46",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.4.0p25",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThan": "2.5.0b3",
"status": "affected",
"version": "2.5.0b1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.0p46",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.0p25",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.0b3",
"versionStartIncluding": "2.5.0b1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471: Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17: Accessing, Modifying or Executing Executable Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T12:09:07.609Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://checkmk.com/werk/18891"
}
],
"title": "omd: Local privilege escalation when executing omd commands as root",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-39666",
"datePublished": "2026-04-07T12:09:07.609Z",
"dateReserved": "2025-04-16T07:07:38.257Z",
"dateUpdated": "2026-04-07T13:18:19.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31480 (GCVE-0-2025-31480)
Vulnerability from cvelistv5 – Published: 2025-04-04 14:49 – Updated: 2025-04-04 14:57- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/aiven/aiven-extras/security/ad… | x_refsource_CONFIRM |
| https://github.com/aiven/aiven-extras/commit/77b5… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| aiven | aiven-extras |
Affected:
< 1.1.16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:57:39.462536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:57:54.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aiven-extras",
"vendor": "aiven",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO \u00271.1.16\u0027 after installing it. This needs to happen in each database aiven_extras has been installed in."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:49:30.863Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-33xh-jqgf-6627",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aiven/aiven-extras/security/advisories/GHSA-33xh-jqgf-6627"
},
{
"name": "https://github.com/aiven/aiven-extras/commit/77b5f19a0c1d196bc741ff5c774f85fe7ca3063b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aiven/aiven-extras/commit/77b5f19a0c1d196bc741ff5c774f85fe7ca3063b"
}
],
"source": {
"advisory": "GHSA-33xh-jqgf-6627",
"discovery": "UNKNOWN"
},
"title": "aiven-extras allows PostgreSQL Privilege Escalation through format function"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-31480",
"datePublished": "2025-04-04T14:49:30.863Z",
"dateReserved": "2025-03-28T13:36:51.297Z",
"dateUpdated": "2025-04-04T14:57:54.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30407 (GCVE-0-2025-30407)
Vulnerability from cvelistv5 – Published: 2025-03-26 21:32 – Updated: 2026-02-26 19:09| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 39713
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:19.722136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:10.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39713",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T21:32:30.085Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-8414",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-8414"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-30407",
"datePublished": "2025-03-26T21:32:30.085Z",
"dateReserved": "2025-03-21T21:04:39.510Z",
"dateUpdated": "2026-02-26T19:09:10.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30399 (GCVE-0-2025-30399)
Vulnerability from cvelistv5 – Published: 2025-06-13 01:08 – Updated: 2026-02-20 16:00- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.17
(custom)
|
|
| Microsoft | .NET 9.0 |
Affected:
9.0.0 , < 9.0.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10.0 , < 17.10.16
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.12 |
Affected:
17.12.0 , < 17.12.9
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.5
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.22
(custom)
|
|
| Microsoft | PowerShell 7.4 |
Affected:
7.4.0 , < 7.4.11
(custom)
|
|
| Microsoft | PowerShell 7.5 |
Affected:
7.5.0 , < 7.5.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:46:01.058158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:46:09.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.17",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.16",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.9",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.5",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.22",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
},
{
"product": "PowerShell 7.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.4.11",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.5.2",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.17",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.22",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.16",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.5",
"versionStartIncluding": "17.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-06-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:32.339Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-30399",
"datePublished": "2025-06-13T01:08:00.208Z",
"dateReserved": "2025-03-21T19:09:29.816Z",
"dateUpdated": "2026-02-20T16:00:32.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27743 (GCVE-0-2025-27743)
Vulnerability from cvelistv5 – Published: 2025-04-08 17:23 – Updated: 2026-02-13 19:32- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | System Center Data Protection Manager 2019 |
Affected:
-
|
|
| Microsoft | System Center Data Protection Manager 2022 |
Affected:
-
|
|
| Microsoft | System Center Data Protection Manager 2025 |
Affected:
-
|
|
| Microsoft | System Center Operations Manager 2019 |
Affected:
-
|
|
| Microsoft | System Center Operations Manager 2022 |
Affected:
-
|
|
| Microsoft | System Center Operations Manager 2025 |
Affected:
-
|
|
| Microsoft | System Center Orchestrator 2019 |
Affected:
-
|
|
| Microsoft | System Center Orchestrator 2022 |
Affected:
-
|
|
| Microsoft | System Center Orchestrator 2025 |
Affected:
-
|
|
| Microsoft | System Center Service Manager 2019 |
Affected:
-
|
|
| Microsoft | System Center Service Manager 2022 |
Affected:
-
|
|
| Microsoft | System Center Service Manager 2025 |
Affected:
-
|
|
| Microsoft | System Center Virtual Machine Manager 2019 |
Affected:
-
|
|
| Microsoft | System Center Virtual Machine Manager 2022 |
Affected:
-
|
|
| Microsoft | System Center Virtual Machine Manager 2025 |
Affected:
-
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T19:57:39.876585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T19:57:50.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "System Center Data Protection Manager 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Data Protection Manager 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Data Protection Manager 2025",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Operations Manager 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Operations Manager 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Operations Manager 2025",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Orchestrator 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Orchestrator 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Orchestrator 2025",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Service Manager 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Service Manager 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Service Manager 2025",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Virtual Machine Manager 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Virtual Machine Manager 2022",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": "System Center Virtual Machine Manager 2025",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:system_center_virtual_machine_manager_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_virtual_machine_manager_2019:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_virtual_machine_manager_2025:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_data_protection_manager_2025:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_data_protection_manager_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_data_protection_manager_2019:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_orchestrator_2019:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_orchestrator_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_orchestrator_2025:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_service_manager_2019:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_service_manager_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_service_manager_2025:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager_2019:*:-:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager_2022:*:-:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager_2025:*:-:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Untrusted search path in System Center allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:32:43.265Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft System Center Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743"
}
],
"title": "Microsoft System Center Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-27743",
"datePublished": "2025-04-08T17:23:25.628Z",
"dateReserved": "2025-03-06T04:26:08.553Z",
"dateUpdated": "2026-02-13T19:32:43.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27167 (GCVE-0-2025-27167)
Vulnerability from cvelistv5 – Published: 2025-03-11 18:00 – Updated: 2025-03-11 18:31- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/illustr… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Illustrator |
Affected:
0 , ≤ 28.7.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T18:28:42.085246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:31:11.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Illustrator",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "28.7.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-03-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:00:29.239Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-17.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illustrator | Untrusted Search Path (CWE-426)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-27167",
"datePublished": "2025-03-11T18:00:29.239Z",
"dateReserved": "2025-02-19T22:28:19.017Z",
"dateUpdated": "2025-03-11T18:31:11.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.