CVE-2025-60749
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: MITRE

Description
DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60749
EUVD
EUVD-2025-37354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trimble sketchup 2025
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-60749 is a DLL hijacking vulnerability in Trimble SketchUp Desktop 2025. The vulnerability occurs because the application and its helper process (sketchup_webhelper.exe) load the DLL file libcef.dll without specifying a full path. This allows an attacker to place a malicious libcef.dll in a directory that is searched before the legitimate DLL, causing the application to load the attacker's DLL instead. Once loaded, the malicious DLL can execute arbitrary code with the privileges of the SketchUp process, potentially giving the attacker full control over the victim's system. [2]

Impact Analysis

Exploitation of this vulnerability can lead to theft of sensitive design files, intellectual property, and business secrets. An attacker can manipulate the system, deploy ransomware, corrupt project models, or remotely control the compromised system via a command-and-control connection. All this can happen while the software appears to function normally, causing significant economic damage especially to professionals relying on SketchUp for 3D visualization. [2]

Detection Guidance

This vulnerability can be detected by checking if a malicious libcef.dll is present in the same directory as sketchup_webhelper.exe or in any directory that is searched before the legitimate DLL. One way to detect this is to locate the sketchup_webhelper.exe process and verify the loaded libcef.dll path. Commands such as 'Process Explorer' on Windows can be used to inspect loaded DLLs for the SketchUp process. Additionally, manually inspecting the directories in the DLL search path for unexpected or suspicious libcef.dll files can help detect the issue. There is no specific command line provided, but monitoring the DLL load order and presence of unexpected DLLs named libcef.dll near sketchup_webhelper.exe is key. [2]

Mitigation Strategies

Immediate mitigation steps include ensuring that no malicious libcef.dll files exist in the same directory as sketchup_webhelper.exe or in any directory that precedes the legitimate DLL in the search order. Restrict write permissions on directories where SketchUp and its helper processes reside to prevent attackers from placing malicious DLLs. Avoid running SketchUp with elevated privileges to limit the impact of exploitation. Monitoring and removing any suspicious DLL files named libcef.dll in the application directories is recommended until an official patch or update is available. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60749. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart