CVE-2025-4525

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 Exploit Third Party Advisory
https://vuldb.com/?ctiid.308270 Permissions Required VDB Entry
https://vuldb.com/?id.308270 Third Party Advisory VDB Entry
https://vuldb.com/?submit.562788 Third Party Advisory VDB Entry
https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:discord:discord:1.0.9188:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

01 Jul 2025, 20:23

Type Values Removed Values Added
First Time Microsoft
Discord discord
Microsoft windows
Discord
References () https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 - () https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.308270 - () https://vuldb.com/?ctiid.308270 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.308270 - () https://vuldb.com/?id.308270 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.562788 - () https://vuldb.com/?submit.562788 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:discord:discord:1.0.9188:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

12 May 2025, 15:16

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como crítica en Discord 1.0.9188 para Windows. Este problema afecta a una funcionalidad desconocida en la librería WINSTA.dll. La manipulación genera una ruta de búsqueda incontrolada. El ataque debe abordarse localmente. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.
References () https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 - () https://gist.github.com/shellkraft/ac4be6a3953e2889a7bf54aea2db88c2 -

10 May 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-10 23:15

Updated : 2025-07-01 20:23


NVD link : CVE-2025-4525

Mitre link : CVE-2025-4525

CVE.ORG link : CVE-2025-4525


JSON object : View

Products Affected

discord

  • discord

microsoft

  • windows
CWE
CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element