5.6
CVE-2025-12418
- EPSS 0.03%
- Veröffentlicht 07.11.2025 21:27:04
- Zuletzt bearbeitet 12.11.2025 16:20:22
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRevenera
≫
Produkt
InstallShield
Default Statusunaffected
Version <=
2023.R2
Version
2023.R1
Status
affected
Version <=
2024.R2
Version
2024.R1
Status
affected
Version <
InstallShield2025R1-CVE-2025-12418-SecurityPatch
Version
2025.R1
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | 5.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.