Description
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.
References (3)
Core 3
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.295961
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.295961
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.496010
Scores
CVSS v3
7.0
EPSS
0.0017
EPSS Percentile
6.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-426
Status
published
Products (4)
Kong/Insomnia
10.0
Kong/Insomnia
10.1
Kong/Insomnia
10.2
Kong/Insomnia
10.3
Published
Feb 16, 2025
Tracked Since
Feb 18, 2026