logo_clicknbuy.png

CVE-2025-4455 – Patch My PC Home Updater DLL Search Path Manipulation Vulnerability

The following table lists the changes that have been made to the
CVE-2025-4455 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    May. 09, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    Added CVSS V4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V2 (AV:L/AC:H/Au:S/C:C/I:C/A:C)
    Added CWE CWE-427
    Added CWE CWE-426
    Added Reference https://gist.github.com/shellkraft/d7db265b53115d52a4ca5bffe5e9c6e4
    Added Reference https://vuldb.com/?ctiid.308069
    Added Reference https://vuldb.com/?id.308069
    Added Reference https://vuldb.com/?submit.562440
Share the Post:

Related Posts