CVE-2026-25191
Received Received - Intake
DLL Search Path Vulnerability in FinalCode Client Installer Enables Code Execution

Publication date: 2026-02-26

Last updated on: 2026-02-26

Assigner: JPCERT/CC

Description
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25191
EUVD
EUVD-2026-8835
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
digital_arts_inc finalcode_client 5.43R01
digital_arts_inc finalcode_client 6.51R01
digital_arts_inc finalcode 5.43R01
digital_arts_inc finalcode 6.51R01
digital_arts_inc m-filter *
digital_arts_inc finalcode@cloud *
digital_arts_inc finalcode_ad_sync_agent *
digital_arts_inc finalcode_outlook_add-in *
digital_arts_inc finalcode_api *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-25191 is a security vulnerability in the installer of FinalCode Client by Digital Arts Inc. It involves an issue with the DLL search path. If a user places a malicious DLL file in the same directory as the installer and then executes the installer, the malicious DLL may be loaded and executed with the installer's execution privileges."}, {'type': 'paragraph', 'content': 'This vulnerability allows arbitrary code execution with the privileges of the installer, which can lead to unauthorized actions on the affected system.'}] [2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow a non-administrative user to execute arbitrary code with the installer's privileges, potentially leading to privilege escalation."}, {'type': 'paragraph', 'content': 'An attacker who successfully exploits this vulnerability could run malicious code with elevated privileges, which may result in unauthorized access, data compromise, or system control.'}, {'type': 'paragraph', 'content': 'Specifically, arbitrary code execution with high confidentiality, integrity, and availability impact is possible, meaning critical system functions and data could be compromised.'}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves placing a malicious DLL file in the same directory as the FinalCode Client installer and executing it, which leads to arbitrary code execution with the installer's privileges."}, {'type': 'paragraph', 'content': 'Detection would involve checking for the presence of unexpected or suspicious DLL files in the directories where the FinalCode Client installer is located.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is related to DLL search path issues and improper access control, you can inspect the installation directories for unauthorized DLL files and verify the permissions of these directories.'}, {'type': 'list_item', 'content': "On Windows systems, use commands like 'dir' or PowerShell 'Get-ChildItem' to list DLL files in the install directory."}, {'type': 'list_item', 'content': "Use 'icacls' command to check the access control lists (ACLs) of the installation directories to ensure they are not writable by non-administrative users."}, {'type': 'list_item', 'content': 'Example commands:'}, {'type': 'list_item', 'content': '1. List DLL files in the installer directory: `dir C:\\Path\\To\\FinalCodeInstaller\\*.dll`'}, {'type': 'list_item', 'content': '2. Check directory permissions: `icacls C:\\Path\\To\\FinalCodeInstaller`'}, {'type': 'list_item', 'content': '3. Use PowerShell to find suspicious DLLs: `Get-ChildItem -Path C:\\Path\\To\\FinalCodeInstaller -Filter *.dll`'}, {'type': 'paragraph', 'content': 'Monitoring execution logs or endpoint detection tools for unexpected execution of the installer from untrusted directories or with unexpected DLLs loaded may also help detect exploitation attempts.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, the primary step is to update the FinalCode Client and related components to the latest patched versions.'}, {'type': 'list_item', 'content': 'Update to FinalCode Ver.6.51R01 or later, which includes fixes for this vulnerability.'}, {'type': 'list_item', 'content': 'Ensure the automatic update function of the FinalCode Client is enabled to apply patches automatically.'}, {'type': 'list_item', 'content': 'If automatic updates are disabled, manually download and install the latest patched versions following official instructions.'}, {'type': 'list_item', 'content': 'Update related components such as the FinalCode shared folder automatic encryption module, FinalCode AD Sync Agent, FinalCode Outlook Add-In, and FinalCode API.'}, {'type': 'list_item', 'content': "For users who no longer use these products, uninstall all related modules and delete the 'finalcode_api' folder to reduce risk."}, {'type': 'paragraph', 'content': 'Additionally, verify and correct the access control lists (ACLs) on the installation directories to prevent non-administrative users from placing malicious DLLs.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart