CVE-2025-13051
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.
This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-11-19 04:16:05
Güncelleme
2025-11-19 19:14:59
Source Identifier
security@asustor.com
KEV Date Added
-