CVE-2025-66835

High CVSS: 7.1

TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.

Vendor

Trueconf

Product

Trueconf

CWE

CWE-427

Yayın Tarihi

2025-12-30 19:15:44

Güncelleme

2026-01-09 19:40:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-427 Trueconf HIGH Trueconf 2025

Referanslar

http://trueconf.com https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66835/README.md https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66835/README.md

Benzer Kayıtlar

High

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is abl…

Medium

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to…

High

CVE-2025-66824

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference fun…

High

CVE-2025-66834

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadshe…