CVE-2025-13433
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-11-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| muse_group | musehub | 2.1.0.1567 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted search path flaw in Muse Group MuseHub version 2.1.0.1567, specifically in the Windows service executable Muse.Updater.exe. Because the executable path contains spaces but is not enclosed in quotes, Windows may search intermediate directories (like "C:\Program") for executables. If a low-privileged local user can write to such an intermediate directory, they can place a malicious executable there. When the service starts or restarts, Windows might run the malicious executable instead of the intended one, allowing local code execution and potential privilege escalation. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a local attacker with low-level privileges to execute arbitrary code with the privileges of the affected Windows service. This can lead to privilege escalation, compromising the confidentiality, integrity, and availability of the system. However, exploitation requires local access and technical knowledge, and no known exploits currently exist. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service executable paths that contain spaces on the affected system. Specifically, you should inspect the Windows service 'Muse.Updater.exe' path for unquoted elements. A common command to detect unquoted service paths is using PowerShell or command prompt to query service configurations. For example, you can run: 1) PowerShell: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"' } | Select-Object Name, PathName 2) Command Prompt: sc qc Muse.Updater.exe and check if the BINARY_PATH_NAME contains spaces without quotes. Additionally, verify if intermediate directories like 'C:\Program' are writable by low-privileged users, which can be checked by attempting to create files or folders in those directories with a non-admin account. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting write permissions on intermediate directories in the service executable path, such as 'C:\Program', to prevent low-privileged users from placing malicious executables there. Since no patches or vendor mitigations are currently available, consider replacing the affected component (MuseHub 2.1.0.1567) with an alternative product or version that does not have this vulnerability. Additionally, avoid restarting or starting the vulnerable service until the issue is resolved to prevent exploitation. Monitoring and limiting local user privileges can also reduce the risk of exploitation. [2, 3]