Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-40979

Summary
Assigner-INCIBE
Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At-10 Sep, 2025 | 11:35
Updated At-10 Sep, 2025 | 20:23
Rejected At-
Credits

DLL search order hijack in Wave by Grandstream Networks

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:INCIBE
Assigner Org ID:0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At:10 Sep, 2025 | 11:35
Updated At:10 Sep, 2025 | 20:23
Rejected At:
▼CVE Numbering Authority (CNA)
DLL search order hijack in Wave by Grandstream Networks

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.

Affected Products
Vendor
Grandstream Networks
Product
Wave
Default Status
unaffected
Versions
Affected
  • From 0 before 1.27.11 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The vulnerability has been fixed by the Grandstream Networks team in the 1.27.11 version.

Configurations
Workarounds
Exploits
Credits
finder
Alexander Huaman Jaimes
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe.es/en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networks
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networks
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@incibe.es
Published At:10 Sep, 2025 | 12:15
Updated At:11 Sep, 2025 | 17:14

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Primarycve-coordination@incibe.es
CWE ID: CWE-427
Type: Primary
Source: cve-coordination@incibe.es
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.incibe.es/en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networkscve-coordination@incibe.es
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networks
Source: cve-coordination@incibe.es
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2025-2629
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:45
Updated-18 Aug, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2630
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:50
Updated-18 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-34488
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7||HIGH
EPSS-0.01% / 2.61%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 06:17
Updated-24 Apr, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

Action-Not Available
Vendor-i-PRO Co., Ltd.
Product-IP Setting Software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10213
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:38
Updated-29 Jan, 2026 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10214
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:39
Updated-29 Jan, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10215
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:39
Updated-20 Jan, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-62628
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 3.19%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 14:29
Updated-15 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T Manageability ServiceAMD Management Console (AMC)AMD Manageability APIDASH CLI - Command Line ApplicationAMD Management Plug-In for SCCMAMD Cloud Manageability Service (ACMS)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-36333
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 02:58
Updated-16 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ RX Vega Series Graphics CardsAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Cleanup UtilityAMD Radeon™ RX 6000 Series Graphics ProductsAMD Radeon™ PRO W7000 Series Graphics ProductsAMD Radeon™ VIIAMD Radeon™ PRO WX 8000/9000 Series Graphics CardsAMD Radeon™ RX 7000 Series Graphics ProductsAMD Radeon™ PRO VIIAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Radeon™ RX 5000 Series Graphics Products
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47942
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024solid_edge_se2024
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-35471
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-7||HIGH
EPSS-0.05% / 16.19%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 01:13
Updated-23 Sep, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

Action-Not Available
Vendor-conda-forgeconda-forgeMicrosoft Corporation
Product-openssl-feedstockminiforgewindowsminiforgeopenssl-feedstock
CWE ID-CWE-427
Uncontrolled Search Path Element
Details not found