CVE-2025-60749
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trimble | sketchup | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60749 is a DLL hijacking vulnerability in Trimble SketchUp Desktop 2025. The vulnerability occurs because the application and its helper process (sketchup_webhelper.exe) load the DLL file libcef.dll without specifying a full path. This allows an attacker to place a malicious libcef.dll in a directory that is searched before the legitimate DLL, causing the application to load the attacker's DLL instead. Once loaded, the malicious DLL can execute arbitrary code with the privileges of the SketchUp process, potentially giving the attacker full control over the victim's system. [2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to theft of sensitive design files, intellectual property, and business secrets. An attacker can manipulate the system, deploy ransomware, corrupt project models, or remotely control the compromised system via a command-and-control connection. All this can happen while the software appears to function normally, causing significant economic damage especially to professionals relying on SketchUp for 3D visualization. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if a malicious libcef.dll is present in the same directory as sketchup_webhelper.exe or in any directory that is searched before the legitimate DLL. One way to detect this is to locate the sketchup_webhelper.exe process and verify the loaded libcef.dll path. Commands such as 'Process Explorer' on Windows can be used to inspect loaded DLLs for the SketchUp process. Additionally, manually inspecting the directories in the DLL search path for unexpected or suspicious libcef.dll files can help detect the issue. There is no specific command line provided, but monitoring the DLL load order and presence of unexpected DLLs named libcef.dll near sketchup_webhelper.exe is key. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that no malicious libcef.dll files exist in the same directory as sketchup_webhelper.exe or in any directory that precedes the legitimate DLL in the search order. Restrict write permissions on directories where SketchUp and its helper processes reside to prevent attackers from placing malicious DLLs. Avoid running SketchUp with elevated privileges to limit the impact of exploitation. Monitoring and removing any suspicious DLL files named libcef.dll in the application directories is recommended until an official patch or update is available. [2]