CVE-2026-25191
DLL Search Path Vulnerability in FinalCode Client Installer Enables Code Execution
Publication date: 2026-02-26
Last updated on: 2026-02-26
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digital_arts_inc | finalcode_client | 5.43R01 |
| digital_arts_inc | finalcode_client | 6.51R01 |
| digital_arts_inc | finalcode | 5.43R01 |
| digital_arts_inc | finalcode | 6.51R01 |
| digital_arts_inc | m-filter | * |
| digital_arts_inc | finalcode@cloud | * |
| digital_arts_inc | finalcode_ad_sync_agent | * |
| digital_arts_inc | finalcode_outlook_add-in | * |
| digital_arts_inc | finalcode_api | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-25191 is a security vulnerability in the installer of FinalCode Client by Digital Arts Inc. It involves an issue with the DLL search path. If a user places a malicious DLL file in the same directory as the installer and then executes the installer, the malicious DLL may be loaded and executed with the installer's execution privileges."}, {'type': 'paragraph', 'content': 'This vulnerability allows arbitrary code execution with the privileges of the installer, which can lead to unauthorized actions on the affected system.'}] [2]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability can allow a non-administrative user to execute arbitrary code with the installer's privileges, potentially leading to privilege escalation."}, {'type': 'paragraph', 'content': 'An attacker who successfully exploits this vulnerability could run malicious code with elevated privileges, which may result in unauthorized access, data compromise, or system control.'}, {'type': 'paragraph', 'content': 'Specifically, arbitrary code execution with high confidentiality, integrity, and availability impact is possible, meaning critical system functions and data could be compromised.'}] [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves placing a malicious DLL file in the same directory as the FinalCode Client installer and executing it, which leads to arbitrary code execution with the installer's privileges."}, {'type': 'paragraph', 'content': 'Detection would involve checking for the presence of unexpected or suspicious DLL files in the directories where the FinalCode Client installer is located.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is related to DLL search path issues and improper access control, you can inspect the installation directories for unauthorized DLL files and verify the permissions of these directories.'}, {'type': 'list_item', 'content': "On Windows systems, use commands like 'dir' or PowerShell 'Get-ChildItem' to list DLL files in the install directory."}, {'type': 'list_item', 'content': "Use 'icacls' command to check the access control lists (ACLs) of the installation directories to ensure they are not writable by non-administrative users."}, {'type': 'list_item', 'content': 'Example commands:'}, {'type': 'list_item', 'content': '1. List DLL files in the installer directory: `dir C:\\Path\\To\\FinalCodeInstaller\\*.dll`'}, {'type': 'list_item', 'content': '2. Check directory permissions: `icacls C:\\Path\\To\\FinalCodeInstaller`'}, {'type': 'list_item', 'content': '3. Use PowerShell to find suspicious DLLs: `Get-ChildItem -Path C:\\Path\\To\\FinalCodeInstaller -Filter *.dll`'}, {'type': 'paragraph', 'content': 'Monitoring execution logs or endpoint detection tools for unexpected execution of the installer from untrusted directories or with unexpected DLLs loaded may also help detect exploitation attempts.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, the primary step is to update the FinalCode Client and related components to the latest patched versions.'}, {'type': 'list_item', 'content': 'Update to FinalCode Ver.6.51R01 or later, which includes fixes for this vulnerability.'}, {'type': 'list_item', 'content': 'Ensure the automatic update function of the FinalCode Client is enabled to apply patches automatically.'}, {'type': 'list_item', 'content': 'If automatic updates are disabled, manually download and install the latest patched versions following official instructions.'}, {'type': 'list_item', 'content': 'Update related components such as the FinalCode shared folder automatic encryption module, FinalCode AD Sync Agent, FinalCode Outlook Add-In, and FinalCode API.'}, {'type': 'list_item', 'content': "For users who no longer use these products, uninstall all related modules and delete the 'finalcode_api' folder to reduce risk."}, {'type': 'paragraph', 'content': 'Additionally, verify and correct the access control lists (ACLs) on the installation directories to prevent non-administrative users from placing malicious DLLs.'}] [1, 2]