Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
AnalysisAI
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
Technical ContextAI
This vulnerability stems from CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints), which indicates the affected software fails to properly validate or restrict which entities can communicate with critical system components. UpdateNavi and UpdateNaviInstallService are software update and installation services that typically operate with elevated privileges and interact with Windows registry. The improper channel restriction allows authenticated local users to inject malicious data that bypasses intended communication safeguards, leading to unvalidated registry modifications or code execution in the service context. The vulnerability affects the communication protocols or IPC mechanisms between client processes and the privileged service components, suggesting inadequate input validation or endpoint authentication on the service side.
RemediationAI
Upgrade UpdateNavi to version L34 or later; priority: Critical Upgrade UpdateNaviInstallService to version 1.2.0126 or later; priority: Critical Workaround: Restrict local user account privileges to minimum necessary; enforce strong local access controls and disable non-essential local user accounts on systems running vulnerable versions; priority: High Workaround: Monitor Windows Event Viewer for suspicious registry modification attempts and unusual UpdateNavi/UpdateNaviInstallService service activity; priority: Medium Mitigation: Implement application whitelisting to restrict execution from UpdateNavi service contexts; use AppLocker or Windows Defender Application Control (WDAC); priority: High Detection: Monitor for CWE-923 exploitation patterns: unauthorized registry writes to HKLM\, unexpected child processes from service context, and malformed IPC communication attempts to UpdateNavi services; priority: Medium
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr
Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18161