PT-2026-4799 · Crucial · Crucial Storage Executive
Published: 2026-01-26 · Updated: 2026-01-26 · CVE-2025-71178
CVSS v4.0: 7.1 (High)
Vector: AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Crucial Storage Executive versions prior to 11.08.082025.00
Description
The Crucial Storage Executive installer is susceptible to a DLL preloading issue. The installer operates with elevated privileges and utilizes an uncontrolled search path when loading Windows DLLs. This allows a malicious DLL, positioned alongside the installer, to be loaded in place of the legitimate system library. A local attacker could potentially execute arbitrary code with administrator privileges by convincing a user to run the installer from a directory containing the attacker-supplied DLL.
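A pre-run check for the condition described above, added here as an example and not taken from the advisory or the vendor: it lists DLLs sitting beside an installer whose names collide with DLLs in the system directory. The function names and the `%SystemRoot%\System32` location are assumptions of this example.

```python
import os
import sys
from pathlib import Path


def dll_names(directory):
    """Map lower-cased DLL file name -> actual file name for one directory."""
    return {
        p.name.lower(): p.name
        for p in Path(directory).iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"
    }


def shadowing_dlls(installer_path, system_dir):
    """DLLs beside the installer whose names collide with DLLs in system_dir.

    Windows file names are case-insensitive, so names are compared lower-cased.
    """
    beside = dll_names(Path(installer_path).resolve().parent)
    system = dll_names(system_dir)
    return sorted(actual for lowered, actual in beside.items() if lowered in system)


if __name__ == "__main__":
    # Usage: python check_installer_dir.py <path-to-installer.exe>
    installer = sys.argv[1]
    # Assumption: the system libraries live in %SystemRoot%\System32.
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    hits = shadowing_dlls(installer, system32)
    for name in hits:
        print(f"[!] {name} sits beside the installer and shadows a System32 DLL")
    if not hits:
        print("[ok] no DLL beside the installer collides with a System32 name")
    sys.exit(1 if hits else 0)
```

An empty result only means no name collision was found in that folder at the time of the check; it does not replace the update listed under Recommendations.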
Recommendations
Update Crucial Storage Executive to version 11.08.082025.00 or later.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Crucial Storage Executive