CVE-2025-49148
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) is caused by improper DLL loading order. The server loads critical system DLLs like CRYPTBASE.dll and WindowsCodecs.dll from its own executable directory before the system directories. If a local, non-privileged user can write to the folder containing clip_share.exe, they can place malicious DLLs there with the same names. When the server starts, it loads these malicious DLLs instead of legitimate ones, leading to arbitrary code execution within the server's context. If the server is run by an Administrator or elevated user, this can escalate to local privilege escalation. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to arbitrary code execution and local privilege escalation on the affected system. An attacker with local write access to the ClipShare Server directory can execute malicious code with the server's privileges. If the server runs with Administrator or elevated privileges, the attacker can gain full control over the system, potentially leading to data theft, system backdoors, credential theft, and disruption of services. It compromises confidentiality, integrity, and availability of the affected host. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the folder containing clip_share.exe is writable by non-privileged users, which would allow placing malicious DLLs. Additionally, auditing the directory for suspicious DLL files named like CRYPTBASE.dll or WindowsCodecs.dll can help detect exploitation attempts. Commands to check folder permissions on Windows include: 'icacls <path_to_clip_share_directory>' to view access control lists, and 'dir /Q <path_to_clip_share_directory>' to check ownership. Also, monitoring for unexpected DLL files in the clip_share.exe directory can be done using 'dir <path_to_clip_share_directory>\*.dll'. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading ClipShare Server to version 3.8.5 or later, where the DLL loading behavior is fixed. Until the upgrade, restrict write permissions on the directory containing clip_share.exe to prevent non-privileged users from placing malicious DLLs. Additionally, audit the directory for any suspicious DLL files and remove them. Users should also consider running ClipShare Server with the least privileges necessary and avoid running it as Administrator or elevated users if possible. [1]