CVE-2025-13433
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-11-20

Assigner: VulDB

Description
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-20
Last Modified
2025-11-20
Generated
2026-06-16
AI Q&A
2025-11-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13433
EUVD
EUVD-2025-198258
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
muse_group musehub 2.1.0.1567
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted search path flaw in Muse Group MuseHub version 2.1.0.1567, specifically in the Windows service executable Muse.Updater.exe. Because the executable path contains spaces but is not enclosed in quotes, Windows may search intermediate directories (like "C:\Program") for executables. If a low-privileged local user can write to such an intermediate directory, they can place a malicious executable there. When the service starts or restarts, Windows might run the malicious executable instead of the intended one, allowing local code execution and potential privilege escalation. [2, 3]

Impact Analysis

This vulnerability can impact you by allowing a local attacker with low-level privileges to execute arbitrary code with the privileges of the affected Windows service. This can lead to privilege escalation, compromising the confidentiality, integrity, and availability of the system. However, exploitation requires local access and technical knowledge, and no known exploits currently exist. [2, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service executable paths that contain spaces on the affected system. Specifically, you should inspect the Windows service 'Muse.Updater.exe' path for unquoted elements. A common command to detect unquoted service paths is using PowerShell or command prompt to query service configurations. For example, you can run: 1) PowerShell: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"' } | Select-Object Name, PathName 2) Command Prompt: sc qc Muse.Updater.exe and check if the BINARY_PATH_NAME contains spaces without quotes. Additionally, verify if intermediate directories like 'C:\Program' are writable by low-privileged users, which can be checked by attempting to create files or folders in those directories with a non-admin account. [2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting write permissions on intermediate directories in the service executable path, such as 'C:\Program', to prevent low-privileged users from placing malicious executables there. Since no patches or vendor mitigations are currently available, consider replacing the affected component (MuseHub 2.1.0.1567) with an alternative product or version that does not have this vulnerability. Additionally, avoid restarting or starting the vulnerable service until the issue is resolved to prevent exploitation. Monitoring and limiting local user privileges can also reduce the risk of exploitation. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart