CVE-2025-34109

HIGH

Panda Security Products <16.1.2 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34109. PoCs published by Security-Assessment.com, h00die <[email protected]>, Security-Assessment.com, including Metasploit module exploits/windows/local/panda_psevents.

AI-analyzed exploit summary This is a detailed advisory describing a local privilege escalation vulnerability in multiple Panda Security products due to insecure DLL loading by the PSEvents.exe process. The writeup explains the exploitation method but does not include actual exploit code.

Description

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

Exploits (2)

exploitdb WRITEUP VERIFIED
by Security-Assessment.com · textlocalwindows
https://www.exploit-db.com/exploits/40020

This is a detailed advisory describing a local privilege escalation vulnerability in multiple Panda Security products due to insecure DLL loading by the PSEvents.exe process. The writeup explains the exploitation method but does not include actual exploit code.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Panda Global Protection 2016 (16.1.2), Panda Antivirus Pro 2016 (16.1.2), Panda Small Business Protection (16.1.2), Panda Internet Security 2016 (16.1.2)
Auth required
Prerequisites: Local access to the system · Write permissions to the directory containing PSEvents.exe
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by h00die <[email protected]>, Security-Assessment.com · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/panda_psevents.rb

This Metasploit module exploits a DLL hijacking vulnerability in Panda Security products where PSEvents.exe runs with SYSTEM privileges and loads DLLs from a user-writable directory. The exploit uploads a malicious DLL to the target path and waits for the scheduled task to execute it, achieving local privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Panda Security products (Global Protection 2016, Antivirus Pro 2016, Small Business Protection, Internet Security 2016) <= 16.1.2
Auth required
Prerequisites: Local access to the target system · User-writable directory accessible by PSEvents.exe · Panda Security product installed and vulnerable version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v4 8.5
EPSS 0.0028
EPSS Percentile 19.9%
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (4)
Panda Security/Panda Antivirus Pro 2016 < 16.1.2
Panda Security/Panda Global Protection 2016 < 16.1.2
Panda Security/Panda Internet Security 2016 < 16.1.2
Panda Security/Panda Small Business Protection < 16.1.2
Published Jul 15, 2025
Tracked Since Feb 18, 2026