CVE-2020-25245

Name of the Vulnerable Software and Affected Versions: DIGSI 4 versions prior to V4.94 SP1 HF 1

Description: A security issue has been found where several folders in the %PATH% are writable by normal users. Since these folders are included in the search for dlls, an attacker could potentially place malicious dlls there, which would be executed by SYSTEM.

Recommendations: For versions prior to V4.94 SP1 HF 1, update to version V4.94 SP1 HF 1 or later to resolve the issue. As a temporary workaround, consider restricting write access to the folders included in the %PATH% to prevent malicious dll placement.