PT-2025-44737 · Yandex · Yandex Disk
Published: 2025-07-22 · Updated: 2025-12-14 · CVE-2025-5470
CVSS v4.0: 7.3 (High)
Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:Amber
Name of the Vulnerable Software and Affected Versions
Yandex Disk versions prior to 3.2.45.3275
Description
A search order hijacking issue exists in Yandex Disk on macOS due to an uncontrolled search path element. This allows for exploitation of the system.
Recommendations
Update Yandex Disk to version 3.2.45.3275 or later.
Fix
Untrusted Search Path
Uncontrolled Search Path Element
Related Identifiers
Affected Products
Yandex Disk