FKIE_CVE-2025-49148
Vulnerability from fkie_nvd - Published: 2025-06-11 15:15 - Updated: 2025-06-12 16:06
Summary
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
```json
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5."
    },
    {
      "lang": "es",
      "value": "ClipShare es una herramienta ligera y multiplataforma para compartir el portapapeles. Antes de la versi\u00f3n 3.8.5, ClipShare Server para Windows utilizaba el orden de b\u00fasqueda predeterminado de DLL de Windows y cargaba librer\u00edas del sistema como CRYPTBASE.dll y WindowsCodecs.dll desde su propio directorio antes de la ruta del sistema. Un usuario local sin privilegios que pudiera escribir en la carpeta que contiene clip_share.exe podr\u00eda colocar all\u00ed DLL maliciosas, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del servidor y, si la ejecutaba un administrador (u otro usuario con privilegios elevados), provocar\u00eda una escalada de privilegios local fiable. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.8.5."
    }
  ],
  "id": "CVE-2025-49148",
  "lastModified": "2025-06-12T16:06:20.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-11T15:15:43.043",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}
```
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.