PT-2025-25282 · Unknown · Updatenavi+1

Shu Yoshikoshi · Published 2025-06-12 · Updated 2025-06-12 · CVE-2025-35978

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UpdateNavi versions 1.4 L10 through 1.4 L33
UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125

Description

The issue exists due to improper restriction of the communication channel to intended endpoints. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

Recommendations

For UpdateNavi versions 1.4 L10 through 1.4 L33, consider restricting access to the communication channel to prevent malicious data from being sent.

For UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125, consider implementing proper restrictions on the communication channel to intended endpoints to prevent arbitrary registry value modification or code execution.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-35978

Affected Products

Updatenavi
Updatenaviinstallservice Service