| ID |
CVE-2025-35978
|
| Sažetak |
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed. |
| Reference |
|
| CVSS |
| Base: | 7.1 |
| Impact: | 5.2 |
| Exploitability: | 1.8 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
HIGH |
HIGH |
|
| CVSS vektor |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Zadnje važnije ažuriranje |
12-06-2025 - 16:06 |
| Objavljeno |
12-06-2025 - 06:15 |
