PT-2025-5803 · Microsoft · Windows

Taizoh Tsukamoto · Published 2025-02-06 · Updated 2026-02-04 · CVE-2025-20094

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier
Description: The issue exists due to an unprotected Windows messaging channel, also known as 'Shatter'. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privileges.
Recommendations: For Defense Platform Home Edition versions 3.9.51.x and earlier, consider disabling the Windows messaging channel as a temporary workaround until a patch is available. Restrict access to the specific process of the Windows system where the product is running to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-20094

Affected Products

Windows