PT-2025-5865 · Unknown · Netmod Vpn Client

·

CVE-2024-57426

·

Published

2025-02-06

·

Updated

2025-02-06

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions NetMod VPN Client version 5.3.1
Description The issue arises due to the improper validation of dynamically loaded libraries, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This enables remote code execution.
Recommendations For NetMod VPN Client version 5.3.1, as a temporary workaround, consider restricting the loading of dependencies from untrusted directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-57426

Affected Products

Netmod Vpn Client