CVE-2025-12418
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-12

Assigner: Flexera Software LLC

Description
Potential Denial of Service issue in all supported versions of Revenera InstallShield: 2025 R1, 2024 R2, 2023 R2, and prior. When, for example, a local administrator performs an uninstall, a symlink may be followed on removal of a user-writable configuration directory, inducing a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.

Meta Information
Published: 2025-11-07
Last Modified: 2025-11-12
Generated: 2026-06-16
AI Q&A: 2025-11-07
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
flexera installshield 2024_r2
flexera installshield 2025_r1
flexera installshield 2023_r2
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Executive Summary

This vulnerability is a potential Denial of Service issue in all supported versions of Revenera InstallShield (2025 R1, 2024 R2, 2023 R2, and prior). It occurs when a local administrator performs an uninstall, and a symbolic link (symlink) is followed during the removal of a user-writable configuration directory. This can cause the system to become unavailable or disrupted, resulting in a Denial of Service.

Impact Analysis

The vulnerability can cause a Denial of Service condition on systems using the affected versions of InstallShield. This means that during uninstall operations by a local administrator, the system or application could become unresponsive or fail to operate correctly due to the symlink being followed improperly, potentially disrupting normal operations.

Mitigation Strategies

Apply the appropriate hotfix for your InstallShield version: InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, or InstallShield2023R2-CVE-2025-12418-SecurityPatch to resolve the issue.
