CVE-2025-22894

Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier

Description: The issue is related to an unprotected Windows messaging channel, also known as 'Shatter'. This allows an attacker to send a specially crafted message to a specific process of the Windows system where the product is running, potentially altering arbitrary files in the system. As a result, an arbitrary DLL may be executed with SYSTEM privilege.

Recommendations: For Defense Platform Home Edition versions 3.9.51.x and earlier, consider restricting access to the Windows messaging channel to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.