CWE-426: Untrusted Search Path

Exploit likelihood: High

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2025-0141 HIGH
Palo Alto Networks GlobalProtect < - Privilege Escalation
CVE-2025-49124 HIGH
Apache Tomcat 9.0.23-9.0.105, 10.1.0-10.1.41, 11.0.0-M1-11.0.7 - Untrusted Search Path via icacls.exe
CVSS 8.4
CVE-2025-30399 HIGH
.NET & Visual Studio - Code Injection
CVSS 7.5
CVE-2025-5335 HIGH
Autodesk Installer < 2.15 - Privilege Escalation via Untrusted Search Path
CVSS 7.8
CVE-2025-2501 HIGH
Lenovo PC Manager < 5.1.110.5082 - Untrusted Search Path Privilege Escalation
CVSS 7.8
CVE-2025-40909 MEDIUM
perl 5.13.6-5.41.13 - Untrusted Search Path via Thread Creation Race Condition
CVSS 5.9
CVE-2025-5180 HIGH
Wondershare Filmora 14.5.16 - Uncontrolled Search Path in Installer
CVSS 7.0
CVE-2025-5129 HIGH
Sangfor aTrust 2.3.10.60 - Uncontrolled Search Path Element in MSASN1.dll
CVSS 7.0
CVE-2025-4971 HIGH
Broadcom Automic Automation Agent Unix <24.3.0 HF4-21.0.13 HF1 - Pr...
CVE-2025-4802 HIGH
GNU C Library <2.39 - Code Injection
CVSS 7.8
CVE-2025-4769 HIGH
CBEWIN Anytxt Searcher 1.3.1128.0 - Uncontrolled Search Path
CVSS 7.0
CVE-2025-4540 HIGH
MTSoftware C-Lodop <6.6.1.1 - Unquoted Search Path
CVSS 7.0
CVE-2025-4539 HIGH
ToDesk 4.7.6.3 - Uncontrolled Search Path Element in profapi.dll
CVSS 7.0
CVE-2025-4532 HIGH
Shanghai Bairui Information Technology SunloginClient 15.8.3.19819 ...
CVSS 7.0
CVE-2025-4525 HIGH
Discord 1.0.9188 - Uncontrolled Search Path Element in WINSTA.dll
CVSS 7.0
CVE-2025-4455 HIGH
Patch My PC Home Updater <5.1.3.0 - Uncontrolled Search Path
CVSS 7.0
CVE-2025-4272 HIGH
Mechrevo Control Console 1.0.2.70 - Uncontrolled Search Path
CVSS 7.0
CVE-2025-27743 HIGH
System Center - Untrusted Search Path Privilege Escalation
CVSS 7.8
CVE-2025-31480 CRITICAL
aiven-extras <1.1.16 - Privilege Escalation
CVSS 9.1
CVE-2025-30407 MEDIUM
Acronis Cyber Protect Cloud Agent <39713 - Privilege Escalation
CVSS 6.3
CVE-2025-1398 LOW
Mattermost Desktop App <=5.10.0 - Untrusted Search Path via macOS Entitlements
CVSS 3.3
CVE-2025-29903 MEDIUM
JetBrains Runtime <21.0.6b872.80 - Code Injection
CVSS 5.2
CVE-2025-27167 HIGH
Illustrator 28.0-28.7.4 - Untrusted Search Path
CVSS 7.8
CVE-2025-1804 HIGH
Blizzard Battle.Net <2.39.0.15212 - Path Traversal
CVSS 7.0
CVE-2025-1756 HIGH
mongosh <2.3.0 - Privilege Escalation
CVSS 7.5