CVE-2019-25268
Unknown Unknown - Not Provided
DLL Hijacking in NREL BEopt 2.8 Allows Remote Code Execution

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25268
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nrel beopt 2.8.0.0
nrel beopt 2.7.0.0
nrel beopt 2.6.0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a DLL hijacking issue in NREL BEopt software version 2.8.0.0 (also affecting versions 2.7.0.0 and 2.6.0.1). The application insecurely loads dynamic link libraries named "sdl2.dll" and "libegl.dll". An attacker can place malicious versions of these DLLs on remote WebDAV or SMB shares and trick a user into opening BEopt application files from those shares. This causes the application to load the attacker's malicious libraries instead of the legitimate ones, allowing the attacker to execute arbitrary code on the victim's system. [2, 3]

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized code execution on the affected system. An attacker can gain the ability to run arbitrary commands or programs with the privileges of the user running BEopt, potentially compromising system security, stealing data, or causing other malicious effects. The vulnerability is rated with a high severity score (CVSS 3.1 base score 9.8), indicating a significant impact on confidentiality, integrity, and availability. [2, 3]

Detection Guidance

Detection of this DLL hijacking vulnerability involves monitoring for suspicious DLL loading behavior, especially for 'sdl2.dll' and 'libegl.dll' being loaded from remote WebDAV or SMB shares. One approach is to check if BEopt application files are being opened from remote shares and if these DLLs are loaded from unexpected locations. On Windows systems, tools like Sysinternals Process Monitor (Procmon) can be used to trace DLL loading paths. Commands to check network shares and loaded DLLs could include: 1) Using Procmon to filter for BEopt.exe and DLL load events. 2) Using PowerShell to check loaded modules in BEopt processes: `Get-Process -Name beopt | ForEach-Object { $_.Modules } | Where-Object { $_.ModuleName -in @('sdl2.dll','libegl.dll') }`. 3) Scanning SMB or WebDAV shares for presence of suspicious DLL files named 'sdl2.dll' or 'libegl.dll'. [2, 3]

Mitigation Strategies

Immediate mitigation steps include: 1) Avoid opening BEopt application files from untrusted or remote WebDAV or SMB shares to prevent loading malicious DLLs. 2) Restrict or monitor access to network shares where BEopt files reside. 3) Implement application whitelisting or DLL loading restrictions to ensure only legitimate DLLs are loaded. 4) If possible, update or patch BEopt software to a version that addresses this vulnerability (though no patch is mentioned in the resources). 5) Educate users about the risk of opening BEopt files from remote shares. 6) Use endpoint protection solutions to detect and block suspicious DLL loads or code execution attempts related to this vulnerability. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart