CVE-2025-10213:
DLL search path hijacking vulnerability in UPDF.exe version 1.8.5.0 for Windows allows local attackers to execute arbitrary code.
Score
7.8 (High)
- Published Date: Sep 10, 2025
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.0
- EPSS Percentile: 2%
Exploitability
- Score: 1.8
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
The vulnerability (CVE-2025-10213) affects UPDF version 1.8.5.0 on Windows systems. It is caused by the application's insecure DLL loading mechanism, which can be exploited to load a malicious DLL instead of the intended one. The vulnerability has a CVSS v4.0 base score of 7.0 (High) and a CVSS v3.1 base score of 7.8 (High). Exploitation requires local access and user interaction, but no elevated privileges. The potential impact includes compromise of system confidentiality, integrity, and availability.
Remediation
To mitigate this vulnerability, consider the following steps:
1. Update UPDF to the latest version if a patch is available.
2. Implement application whitelisting to prevent unauthorized executables from running.
3. Restrict write permissions to the WindowsApps directory.
4. Educate users about the risks of running untrusted applications or opening suspicious files.
5. Implement regular security audits to detect any unauthorized DLL files in sensitive directories.
6. Consider using third-party tools that can help prevent DLL hijacking attacks.
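One way to carry out steps 3 and 5 as a repeatable check, written here as an added example (it is not part of the advisory and not vendor tooling): the script lists who can create files in a directory and which DLLs under it lack a valid Authenticode signature. The default path is an assumption, since the advisory names only "the WindowsApps directory"; the variable names are illustrative.

```powershell
# Added example: audits one directory for (a) ACL entries that let principals
# other than SYSTEM/Administrators/TrustedInstaller create files, and
# (b) DLLs whose Authenticode signature is not valid.
# ASSUMPTION: the advisory names only "the WindowsApps directory"; the default
# below is the per-user location. Pass -Path to audit a different directory.
param(
    [string]$Path = (Join-Path $env:LOCALAPPDATA 'Microsoft\WindowsApps')
)

# SIDs treated as expected writers: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

# Ask for rules keyed by SID so no name translation is needed.
$sidType = [System.Security.Principal.SecurityIdentifier]
$writers = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -notin $trusted -and
        ([int]$_.FileSystemRights -band $writeBits) -ne 0
    } |
    Select-Object @{n='Sid';e={$_.IdentityReference.Value}}, FileSystemRights, IsInherited

# Record hash and timestamp for every DLL that is unsigned or fails validation.
$badDlls = Get-ChildItem -LiteralPath $Path -Filter *.dll -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path     = $_.FullName
                Status   = $sig.Status
                Modified = $_.LastWriteTimeUtc
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

"Principals outside the trusted list with write access to ${Path}:"
$writers | Format-Table -AutoSize
"DLLs without a valid Authenticode signature under ${Path}:"
$badDlls | Format-Table -AutoSize
```

A valid signature only shows that a DLL is signed by some trusted publisher, so compare the recorded hashes against a known-good baseline between audit runs.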