PT-2025-28578 · Microsoft · Windows Performance Recorder+1

Bocheng Xiang

Publicado

2025-07-08

Atualizado

2025-07-20

CVE-2025-49680

CVSS v3.1

7.3

Alta

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Windows Performance Recorder (affected versions not specified)

Description: The issue is related to improper link resolution before file access, also known as 'link following', in Windows Performance Recorder. This allows an authorized attacker to deny service locally. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

BDU:2025-08457

CVE-2025-49680

Produtos afetados

Windows

Windows Performance Recorder

PT-2025-28578 · Microsoft · Windows Performance Recorder+1

CVE-2025-49680

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9