CVE-2025-34109

July 15, 2025, 8:07 p.m.

8.5
High

Description

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

Product(s) Impacted

Vendor Product Versions
Panda Security
  • Panda Global Protection
  • Panda Antivirus Pro
  • Panda Small Business Protection
  • Panda Internet Security
  • 16.1.2
  • 16.1.2
  • *
  • 16.1.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a panda_security panda_global_protection 16.1.2 / / / / / / /
a panda_security panda_antivirus_pro 16.1.2 / / / / / / /
a panda_security panda_small_business_protection / / / / / / /
a panda_security panda_internet_security 16.1.2 / / / / / / /

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb
https://web.archive.org/web/20160704105329/http://www.pandasecurity.com/uk/support/card?id=100053
https://web.archive.org/web/20170415211828/http://www.security-assessment.com/files/documents/advisory/Panda%20Security%20-%20Privilege%20Escalation.pdf
https://www.exploit-db.com/exploits/40020
https://www.vulncheck.com/advisories/panda-security-psevents-insecure-dll-loading-privilege-escalation

Tags

CWE-427
disclosure@vulncheck.com
2025-07-15
CVE-2025-34109

CVSS Score

8.5 / 10

CVSS Data - 4.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: July 15, 2025, 1:15 p.m.
Last Modified: July 15, 2025, 8:07 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.