← back
CVE-2025-49148

ClipShare Server Allows Local Privilege Escalation via DLL Hijacking

CVSS 7.3 HIGHEPSS 0.1%CWE-427
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →