VeePN har 1.6.2 AVService avservice.exe kura hakki ndiyam

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a VeePN har 1.6.2. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil C:\Program Files (x86)\VeePN\avservice\avservice.exe, a cikin sashi AVService. Wuro manipulation ga kura hakki ndiyam. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-428. Lalle, rauni an sanar da shi 10/26/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-12286. Wuroo ka a yiɗi a yi ɗum e gese. Bayani na fasaha ga. Babu wani exploit da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 82 Datenpunkte

FurɗeSúgá
10/26/2025 17:28		Gargadi 1/2
10/26/2025 17:29		Gargadi 2/2
10/27/2025 23:42
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss4_vuldb_eXXX
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore5.75.75.7
cvss3_vuldb_basescore7.07.07.0
cvss3_vuldb_tempscore6.86.86.8
cvss3_meta_basescore7.07.07.0
cvss3_meta_tempscore6.86.86.9
cvss4_vuldb_bscore7.37.37.3
cvss4_vuldb_btscore7.37.37.3
advisory_date1761429600 (10/26/2025)1761429600 (10/26/2025)1761429600 (10/26/2025)
price_0day$0-$5k$0-$5k$0-$5k
software_nameVeePNVeePNVeePN
software_version<=1.6.2<=1.6.2<=1.6.2
software_componentAVServiceAVServiceAVService
vulnerability_cweCWE-428 (kura hakki ndiyam)CWE-428 (kura hakki ndiyam)CWE-428 (kura hakki ndiyam)
vulnerability_risk111
cvss3_vuldb_avLLL
cvss3_vuldb_acHHH
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/VeePn.mdhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/VeePn.mdhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/VeePn.md
source_cveCVE-2025-12286CVE-2025-12286CVE-2025-12286
cna_responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_avLLL
cvss2_vuldb_acHHH
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avLLL
cvss4_vuldb_acHHH
cvss4_vuldb_prLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcHHH
cvss4_vuldb_viHHH
cvss4_vuldb_vaHHH
software_fileC:\Program Files (x86)\VeePN\avservice\avservice.exeC:\Program Files (x86)\VeePN\avservice\avservice.exe
cve_nvd_summaryA weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_avL
cvss4_cna_acH
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore7.3
cvss3_cna_avL
cvss3_cna_acH
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore7
cvss2_cna_avL
cvss2_cna_acH
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore6

GurɗoGumtiGada

Do you need the next level of professionalism?

Upgrade your account now!