PT-2025-54213 · Trueconf · Trueconf Client

X00Nullbit · Published 2025-12-30 · Updated 2026-01-02 · CVE-2025-66835

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

TrueConf Client version 8.5.2

Description

The software is susceptible to a DLL hijacking issue. A crafted wfapi.dll file can be used by a local attacker to execute arbitrary code with the privileges of the user. The attack involves exploiting a weakness in how the application loads dynamic link libraries.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, ensure the application directory and its subdirectories have restricted permissions to prevent unauthorized modification of DLL files.

Exploit

Fix

LPE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2026-04787
CVE-2025-66835

Affected Products

Trueconf Client