CVE-2025-0732

EPSS 0.02%
Veröffentlicht 27.01.2025 18:15:40
Zuletzt bearbeitet 27.01.2025 18:15:40
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt Discord

Version 1.0.9177

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	4.5	1	3.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	2	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.5	1.5	6.4	AV:L/AC:H/Au:S/C:P/I:P/A:P

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://vuldb.com/?ctiid.293510

https://vuldb.com/?id.293510

https://vuldb.com/?submit.481209

https://nvd.nist.gov/vuln/detail/CVE-2025-0732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0732

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-0732