What is the CVSS score of CVE-2026-25792?

CVE-2026-25792 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2026-25792?

Organizations using Greenshot should be aware of notable risk from CVE-2026-25792 rated CVSS 6.5. Exploitation could compromise the security of affected deployments.

Windows CVE-2026-25792

EUVD-2026-13661 MEDIUM

Untrusted Search Path (CWE-426)

2026-03-20 GitHub_M

Windows RCE Microsoft

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 20, 2026 - 11:00 euvd

EUVD-2026-13661

Analysis Generated

Mar 20, 2026 - 11:00 vuln.today

CVE Published

Mar 20, 2026 - 10:04 nvd

MEDIUM 6.5

DescriptionNVD

Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application’s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication.

AnalysisAI

Greenshot versions 1.3.312 and earlier contain an untrusted executable search path vulnerability (CWE-426) that allows local attackers with high privileges to achieve arbitrary code execution by hijacking the explorer.exe binary launch. When a user double-clicks the Greenshot tray icon to open the screenshot directory, the application launches explorer.exe using a relative path rather than an absolute path, enabling an attacker to plant a malicious executable in a prioritized search location. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

7.5 May 28

{filename} endpoint. The flawed traversal filter only rejects forward slashes and '..' sequences, leaving absolute Windo

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-25792 vulnerability details – vuln.today

Back

Windows CVE-2026-25792

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code