CVE-2026-25191
HIGHCVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.
Analysis
Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all FinalCode Client installations across the environment and restrict user access to affected systems pending remediation. Within 7 days: Implement application whitelisting and DLL search path restrictions on systems running FinalCode Client; contact Digital Arts Inc. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today