PT-2025-39638 · Seagate · Seagate Toolkit
Natthawut Saexu · Published 2025-08-20 · Updated 2025-09-28 · CVE-2025-9267
CVSS v4.0: 7.0 (High)
Vector: AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Seagate Toolkit versions prior to 2.35.0.6
Description
The software attempts to load DLLs from the current working directory without validating their origin or integrity. This can be exploited by placing a malicious DLL in the same directory as the installer executable, potentially leading to arbitrary code execution with the privileges of the user running the installer. The issue is due to insecure DLL loading practices, such as relying on relative paths when invoking system libraries.
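A defender-side check for the condition described above, as an added example that is not part of the original advisory or Seagate's code: it lists DLLs that sit next to an executable and share a name with a library in the trusted system directory. The function names, the folder layout and the sample file names are assumptions constructed for illustration.

```python
"""Flag DLLs that sit beside an executable and shadow a system library name."""
import sys
import tempfile
from pathlib import Path


def names_with_suffix(directory, suffix):
    """Sorted file names in `directory` with the given extension (any case)."""
    return sorted(p.name for p in Path(directory).iterdir()
                  if p.is_file() and p.suffix.lower() == suffix)


def system_dll_names(system_dir):
    """Lower-cased names of the DLLs in the trusted system directory."""
    return {n.lower() for n in names_with_suffix(system_dir, ".dll")}


def find_shadowing_dlls(directory, trusted_names):
    """DLLs next to an executable whose name matches a system DLL.

    A loader that resolves a bare DLL name from the executable's or the
    current directory would pick these up instead of the system copy.
    """
    if not names_with_suffix(directory, ".exe"):
        return []  # no executable in this folder to load them
    return [n for n in names_with_suffix(directory, ".dll")
            if n.lower() in trusted_names]


def demo():
    """Run the check on a constructed sample layout of empty files."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads, system = Path(tmp, "downloads"), Path(tmp, "system32")
        for folder, files in ((downloads, ["installer.exe", "VERSION.dll",
                                           "vendor_helper.dll"]),
                              (system, ["version.dll", "kernel32.dll"])):
            folder.mkdir()
            for name in files:
                (folder / name).write_bytes(b"")  # empty placeholder files
        return find_shadowing_dlls(downloads, system_dll_names(system))


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <folder-to-audit> <system-dir>
        print(find_shadowing_dlls(sys.argv[1], system_dll_names(sys.argv[2])))
    else:
        print(demo())
```

A name match is only a lead for review: a flagged file still needs its signature and origin checked before it is treated as planted.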
Recommendations
Update to version 2.35.0.6 or later.
Exploit
Fix
Untrusted Search Path
Uncontrolled Search Path Element
Affected Products
Seagate Toolkit