← voltar
CVE-2025-4525

Discord WINSTA.dll uncontrolled search path

CVSS 7.3 HIGHEPSS 0.3%CWE-426CWE-427
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
n/a · Discord

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2https://vuldb.com/?ctiid.308270https://vuldb.com/?id.308270https://vuldb.com/?submit.562788