CVE-2024-25376

HIGH

Thesycon Software Solutions Gmbh & Co. KG TUSBAudio <5.68.0 - RCE

Title source: llm

Description

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.

Exploits (1)

nomisec WORKING POC 2 stars

by ewilded · poc

https://github.com/ewilded/CVE-2024-25376-POC

View Code ZIP pw:eip

References (1)

[Product] https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

thesycon/tusbaudio < 5.68.0

Published Apr 11, 2024

Tracked Since Feb 18, 2026