4.5
CVE-2025-0733
- EPSS 0.02%
- Veröffentlicht 27.01.2025 18:15:40
- Zuletzt bearbeitet 27.01.2025 18:15:40
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Postman
Version
11.0
Status
affected
Version
11.1
Status
affected
Version
11.2
Status
affected
Version
11.3
Status
affected
Version
11.4
Status
affected
Version
11.5
Status
affected
Version
11.6
Status
affected
Version
11.7
Status
affected
Version
11.8
Status
affected
Version
11.9
Status
affected
Version
11.10
Status
affected
Version
11.11
Status
affected
Version
11.12
Status
affected
Version
11.13
Status
affected
Version
11.14
Status
affected
Version
11.15
Status
affected
Version
11.16
Status
affected
Version
11.17
Status
affected
Version
11.18
Status
affected
Version
11.19
Status
affected
Version
11.20
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 4.5 | 1 | 3.4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 2 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 3.5 | 1.5 | 6.4 |
AV:L/AC:H/Au:S/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.