CVE-2025-22894

High CVSS: 8.8

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege.

Vendor

Hummingheads

Product

Defense Platform

CWE

CWE-422

Yayın Tarihi

2025-02-06 08:15:30

Güncelleme

2026-02-04 20:21:58

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-422 Defense Platform HIGH Hummingheads 2025

Referanslar

https://jvn.jp/en/jp/JVN66673020/ https://www.hummingheads.co.jp/dep/storelist/

Benzer Kayıtlar

High

CVE-2025-23236

Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs…

Medium

CVE-2025-24483

NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker…

Medium

CVE-2025-24845

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home…

High

CVE-2025-20094

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier…

High

CVE-2025-22890

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an atta…