PT-2025-20662 · Mtsoftware · C-Lodop
Nightsedgev
·
Published
2025-05-11
·
Updated
2025-05-23
·
CVE-2025-4540
CVSS v4.0
7.3
High
| Vector | AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MTSoftware C-Lodop versions 6.6.1.1 through 6.6.12
Description
A critical issue affects the component CLodopPrintService of MTSoftware C-Lodop, where the manipulation leads to an unquoted search path. The attack requires local access and has a high complexity, making exploitation difficult. The issue has been publicly disclosed.
Recommendations
For MTSoftware C-Lodop versions 6.6.1.1 through 6.6.12, upgrade to version 6.6.13 to address this issue. As a temporary workaround, consider restricting access to the CLodopPrintService component until the update is applied.
Exploit
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
C-Lodop