CVE-2025-26155
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-02
Assigner: MITRE
Description
Description
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ncp | ncp_secure_entry_windows_client | 13.19 |
| ncp | ncp_secure_enterprise_client | 13.18 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Untrusted Search Path issue in NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19. It means that the software may execute or load files from an untrusted or incorrect directory, potentially allowing an attacker to influence the program's behavior or execute malicious code.
How can this vulnerability impact me? :
The impact of this vulnerability could include unauthorized code execution or manipulation of the affected software, which may lead to security breaches such as data compromise or system control by an attacker.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70