CVE-2019-25268

CRITICAL

NREL BEopt 2.8.0.0 - Code Injection

Title source: llm

Description

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.

References (5)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/158065

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/152043

[Various Sources] https://web.archive.org/web/20190915095657/https://beopt.nrel.gov/

[Issue Tracking] https://cxsecurity.com/issue/WLB-2019030108

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php

Scores

CVSS v3 9.8

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Timeline

Published Jan 08, 2026

Tracked Since Feb 18, 2026