CVE-2025-43950

{"id": "CVE-2025-43950", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-04-22T18:16:01.517", "references": [{"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43950", "source": "[email protected]"}, {"url": "https://www.dpma.de/english/services/efiling/dpmadirekt/downloads/index.html", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation."}, {"lang": "es", "value": "DPMAdirektPro 4.1.5 es vulnerable al secuestro de DLL. Esto ocurre al colocar una DLL maliciosa en un directorio (en ausencia de una DLL leg\u00edtima), que luego es cargada por la aplicaci\u00f3n en lugar de la DLL leg\u00edtima. Esto provoca que la DLL maliciosa se cargue con los mismos privilegios que la aplicaci\u00f3n, lo que provoca una escalada de privilegios."}], "lastModified": "2025-04-23T14:15:29.930", "sourceIdentifier": "[email protected]"}