CVE-2025-61161

Name of the Vulnerable Software and Affected Versions Evope Collector version 1.1.6.9.0

Description A DLL hijacking issue exists in Evope Collector. The software loads the wtsapi32.dll library from an uncontrolled search path, specifically C:ProgramDataEvope. This allows a local, unprivileged attacker to potentially execute arbitrary code or gain SYSTEM-level privileges by placing a malicious DLL in that directory. The Evope.Service.exe component, running with SYSTEM privileges, automatically loads the DLL during startup or reboot.

Recommendations Ensure the wtsapi32.dll library is located in a secure, controlled directory and is not accessible for modification by unprivileged users.