CVE-2025-12418
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-12
Assigner: Flexera Software LLC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flexera | installshield | 2024_r2 |
| flexera | installshield | 2025_r1 |
| flexera | installshield | 2023_r2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential Denial of Service issue in all supported versions of Revenera InstallShield (2025 R1, 2024 R2, 2023 R2, and prior). It occurs when a local administrator performs an uninstall, and a symbolic link (symlink) is followed during the removal of a user-writable configuration directory. This can cause the system to become unavailable or disrupted, resulting in a Denial of Service.
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service condition on systems using the affected versions of InstallShield. This means that during uninstall operations by a local administrator, the system or application could become unresponsive or fail to operate correctly due to the symlink being followed improperly, potentially disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
Apply the appropriate hotfix for your InstallShield version: InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, or InstallShield2023R2-CVE-2025-12418-SecurityPatch to resolve the issue.