CVE-2025-10213

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: UPDF version 1.8.5.0

Description: A DLL search path hijacking issue exists in the UPDF.exe executable for Windows. An attacker with local access can execute arbitrary code by placing a malicious dxtn.dll file in the 'C:UsersAppDataLocalMicrosoftWindowsApps' directory. This could lead to arbitrary code execution and persistence.

Recommendations: Ensure that the 'C:UsersAppDataLocalMicrosoftWindowsApps' directory is properly secured and that unauthorized files cannot be placed within it.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

BDU:2026-00031

CVE-2025-10213

Affected Products

Updf

CVE-2025-10213

Weakness Enumeration

Related Identifiers

Affected Products

References · 6