CVE-2025-4455

HIGH

Patch My PC Home Updater <5.1.3.0 - Uncontrolled Search Path

Title source: llm

Description

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.308069

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.308069

[Permissions Required, VDB Entry] https://vuldb.com/?submit.562440

[Various Sources] https://gist.github.com/shellkraft/d7db265b53115d52a4ca5bffe5e9c6e4

Scores

CVSS v3 7.0

EPSS 0.0005

EPSS Percentile 13.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-426 CWE-427

Status published

Products (4)

Patch My PC/Home Updater 5.1.0

Patch My PC/Home Updater 5.1.1

Patch My PC/Home Updater 5.1.2

Patch My PC/Home Updater 5.1.3.0

Published May 09, 2025

Tracked Since Feb 18, 2026