PT-2025-45507 · Revenera · InstallShield
Published: 2025-11-07 · Updated: 2025-11-08 · CVE-2025-12418
CVSS v4.0: 5.6 (Medium)
Vector: AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Revenera InstallShield versions 2023 R2 through 2025 R1
Description
A potential Denial of Service issue exists in Revenera InstallShield. When a local administrator performs an uninstall, a symbolic link may be followed during the removal of a user-writable configuration directory, potentially leading to a Denial of Service.
Recommendations
Install the InstallShield2025R1-CVE-2025-12418-SecurityPatch for version 2025 R1.
Install the InstallShield2024R2-CVE-2025-12418-SecurityPatch for version 2024 R2.
Install the InstallShield2023R2-CVE-2025-12418-SecurityPatch for version 2023 R2.
For versions prior to 2023 R2, apply available hotfixes.
Fix
DoS
Link Following
Affected Products
InstallShield