Description
A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise".
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
https://vuldb.com/?id.292495
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.292495
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.480875
Issue Tracking issue-tracking
patch
https://github.com/obsproject/obs-studio/pull/11569
Scores
CVSS v3
4.5
EPSS
0.0019
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-426
Status
published
Products (3)
obsproject/OBS Studio
30.0.0
obsproject/OBS Studio
30.0.1
obsproject/OBS Studio
30.0.2
Published
Jan 20, 2025
Tracked Since
Feb 18, 2026