CVE-2025-34109

Panda Security Products <16.1.2 - Code Injection

Title source: llm

Description

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

Exploits (2)

metasploit WORKING POC EXCELLENT

by h00die <[email protected]>, Security-Assessment.com · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/panda_psevents.rb

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Security-Assessment.com · textlocalwindows

https://www.exploit-db.com/exploits/40020

View Code ZIP pw:eip

References (5)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb

[Various Sources] https://web.archive.org/web/20160704105329/http://www.pandasecurity.com/uk/support/card?id=100053

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40020

[Third Party Advisory] https://www.vulncheck.com/advisories/panda-security-psevents-insecure-dll-loading-privilege-escalation

[Vendor Advisory] https://web.archive.org/web/20170415211828/http://www.security-assessment.com/files/documents/advisory/Panda%20Security%20-%20Privilege%20Escalation.pdf

Scores

EPSS 0.0277

EPSS Percentile 85.9%

Classification

CWE

CWE-427

Status draft

Timeline

Published Jul 15, 2025

Tracked Since Feb 18, 2026