PT-2025-20646 · Unknown+1 · Winsta.Dll+1

Shellkraft

Publicado

2025-05-10

Atualizado

2025-09-28

CVE-2025-4525

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Discord version 1.0.9188

Description A critical issue has been found in Discord, affecting some unknown functionality in the library WINSTA.dll. This issue leads to an uncontrolled search path. The attack must be approached locally and has a high complexity, making exploitation difficult. The exploit has been disclosed to the public.

Recommendations For Discord version 1.0.9188, consider restricting access to the WINSTA.dll library as a temporary mitigation measure until a patch is available.

Exploit

Correção

RCE

Untrusted Search Path

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426CWE-427

Identificadores relacionados

CVE-2025-4525

Produtos afetados

Discord

Winsta.Dll

PT-2025-20646 · Unknown+1 · Winsta.Dll+1

CVE-2025-4525

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12