CVE-2025-24845

MEDIUM

Defense Platform Home Edition <3.9.51.x - Command Injection

Title source: llm

Description

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN66673020/

[Product] https://www.hummingheads.co.jp/dep/storelist/

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-88

Status published

Products (1)

hummingheads/defense_platform < 3.9.51.0

Published Feb 06, 2025

Tracked Since Feb 18, 2026