CVE-2025-15595

Severity: HIGH (CVSS 3.1 base score 7.8)
Published: 2026-03-03

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 22:05 (vuln.today)
CVE Published: Mar 03, 2026 - 07:16 (nvd)

Description

Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions.

Analysis

A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. Exploitation requires user interaction but no authentication: an attacker who can place a malicious DLL in a location the installer searches gets arbitrary code executed with the installer's higher privileges. The vulnerability is not currently listed in CISA KEV; it has an EPSS score of 0.043% (described by the source as moderate) and affects a widely used Windows installer-creation tool.

Technical Context

Inno Setup is a popular free installer for Windows programs, identified by CPE cpe:2.3:a:jrsoftware:inno_setup:*:*:*:*:*:*:*:* for versions up to and including 6.2.1. The vulnerability is classified under CWE-1390 (Weak Authentication), though its specific manifestation is DLL hijacking: a technique in which an application loads a malicious DLL from an insecure location instead of the legitimate system DLL. This occurs when the installer resolves required DLLs using an unsafe search order, so that untrusted libraries in user-writable directories can be loaded before secure system locations are checked.

Affected Products

Inno Setup versions 6.2.1 and all earlier versions are affected by this vulnerability, as confirmed by the CPE identifier cpe:2.3:a:jrsoftware:inno_setup:*:*:*:*:*:*:*:* with version constraints up to and including 6.2.1. The vendor JR Software maintains this widely-used free installer creation tool for Windows platforms. The specific vendor advisory or security bulletin has not been provided in the available references.

Remediation

Upgrade Inno Setup to version 6.2.2 or later, which should contain fixes for this DLL hijacking vulnerability. Until patching is possible, implement application whitelisting to prevent unauthorized DLL loading, ensure installers are only downloaded from trusted sources, and run installation processes with minimal privileges where possible. System administrators should audit and restrict write permissions on directories in the DLL search path, particularly user-writable locations that might be searched before system directories.
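The last remediation step, auditing which directories on the DLL search path are writable by broad groups, can be scripted. The following is an added example for defenders, not code from the advisory or from JR Software; it assumes the PATH entries are the search-path directories of interest and that the principal names below match the host's locale (they are the English defaults).

```powershell
# Added example (not from the advisory): report PATH directories on which
# broad, low-privilege principals hold write-capable NTFS rights. A hit is a
# candidate DLL-planting location that should have its ACL tightened.
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)
# Any of these rights lets a principal drop a new file (e.g. a DLL) into the directory.
$writeRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::FullControl)

function Get-WritableSearchPathDirs {
    param(
        # Default to the existing, de-duplicated directories listed in PATH.
        [string[]]$Dirs = ($env:PATH -split ';' |
            Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
            Select-Object -Unique)
    )
    foreach ($dir in $Dirs) {
        try { $acl = Get-Acl -LiteralPath $dir } catch { continue }   # skip unreadable ACLs
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Cast to int so generic-rights bit patterns compare cleanly.
            if (([int]$ace.FileSystemRights -band $writeRights) -eq 0) { continue }
            [pscustomobject]@{
                Directory = $dir
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: list the findings; an empty table means no broad principal can write to any PATH directory.
Get-WritableSearchPathDirs | Format-Table -AutoSize
```

The script inspects only PATH entries; the installer's own directory (typically the user's Downloads folder) is writable by that user by design, which is why the primary fix is upgrading rather than ACL hardening alone.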

Priority Score

Priority Score: 39 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.0, CVSS +39, POC 0
