CVE-2025-5471
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-02-19
Assigner: Yandex N.V.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yandex | yandex_telemost | to 2.19.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Uncontrolled Search Path Element issue in Yandex Telemost on MacOS, which allows Search Order Hijacking. This means that the application may execute or load malicious code by searching for files or libraries in an unsafe order, potentially leading to unauthorized actions.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with limited privileges to hijack the search order, potentially causing the application to execute malicious code. This can lead to unauthorized actions or compromise of the system's integrity and confidentiality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Yandex Telemost on MacOS to version 2.19.1 or later, as versions before 2.19.1 are affected by the uncontrolled search path element vulnerability.