CVE-2025-71178
Unknown Unknown - Not Provided
DLL Preloading Vulnerability in Crucial Storage Executive Installer Enables Privilege Escalation

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: VulnCheck

Description
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-71178
EUVD
EUVD-2025-206345
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
crucial storage_executive to 11.08.082025.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-71178 is a DLL preloading vulnerability in Crucial Storage Executive installer versions prior to 11.08.082025.00. The installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path. This means that if a malicious DLL is placed in the same directory as the installer, it can be loaded instead of the legitimate system DLL. A local attacker who convinces a user to run the installer from that directory can execute arbitrary code with administrator privileges. [2]

Impact Analysis

This vulnerability can allow a local attacker to gain administrator-level control over your system by executing arbitrary code during the installation of Crucial Storage Executive. This could lead to full system compromise, unauthorized access to sensitive data, installation of malware, or disruption of system operations. The attack requires local access and user interaction but no prior privileges. [2]

Detection Guidance

This vulnerability can be detected by checking the version of the Crucial Storage Executive installer on your system. Versions prior to 11.08.082025.00 are vulnerable. Additionally, you can inspect the directory from which the installer is run to ensure no malicious DLLs are present alongside the installer executable. There are no specific commands provided in the resources to detect the vulnerability automatically, but verifying the installer version and scanning for unexpected DLL files in the installer's directory are recommended steps. [2]

Mitigation Strategies

To mitigate this vulnerability, immediately update the Crucial Storage Executive installer to version 11.08.082025.00 or later. Avoid running the installer from untrusted directories where a malicious DLL could be placed. Ensure that users do not execute the installer from directories containing unverified files. Applying the update removes the DLL preloading vulnerability and prevents local privilege escalation via this method. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71178. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart