CVE-2025-20094

Feb. 6, 2025, 8:15 a.m.

8.8
High

Description

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege.

Product(s) Impacted

Product Versions
Defense Platform Home Edition
  • ['3.9.51.x and earlier']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-422
Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

References

https://jvn.jp/en/jp/JVN66673020/
https://www.hummingheads.co.jp/dep/storelist/

Tags

vultures@jpcert.or.jp
2025-02-06
CVE-2025-20094
CWE-422

CVSS Score

8.8 / 10

CVSS Data - 3.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Feb. 6, 2025, 8:15 a.m.
Last Modified: Feb. 6, 2025, 8:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.