Which versions of Discord are affected by CVE-2025-4525?

CVE-2025-4525 presents moderate security risk rated CVSS 7.3. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-4525?

Yes, a public proof-of-concept exploit is available for CVE-2025-4525. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-4525?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Discord CVE-2025-4525

Q: What is the CVSS score of CVE-2025-4525?

CVE-2025-4525 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Untrusted Search Path (CWE-426)

2025-05-10 cna@vuldb.com

Microsoft Information Disclosure Discord Windows

7.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:41 vuln.today

PoC Detected

Jul 01, 2025 - 20:23 vuln.today

Public exploit code

CVE Published

May 10, 2025 - 23:15 nvd

HIGH 7.3

DescriptionCVE.org

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-426. A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Affected products include: Discord.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-4525 vulnerability details – vuln.today

Back