Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
AnalysisAI
DLL hijacking in i-PRO Co., Ltd.'s IP Setting Software enables local attackers with low privileges to execute arbitrary code with administrative privileges when victims open the application. The vulnerability stems from insecure DLL search path handling (CWE-427), allowing attackers to plant malicious DLLs that load during software execution. While exploitation requires local access and user interaction (CVSS:3.0/AV:L/AC:L/PR:L/UI:R), successful attacks achieve complete system compromise with elevated privileges. No active exploitation confirmed at time of analysis, with EPSS and KEV data unavailable for this recently published CVE.
Technical ContextAI
This vulnerability exploits Windows DLL search order mechanisms where applications search for required libraries in predictable locations. CWE-427 (Uncontrolled Search Path Element) occurs when IP Setting Software fails to specify absolute paths for dependent DLLs or doesn't validate DLL locations before loading. Attackers can place malicious DLLs in directories checked before system paths (such as the application directory or current working directory), causing the software to load attacker-controlled code. The affected product (cpe:2.3:a:i-pro_co.,_ltd.:ip_setting_software) is network camera configuration software from i-PRO Co., Ltd., typically installed on administrative workstations managing surveillance camera infrastructure. The privilege escalation from low-privilege user to administrative rights represents the security boundary crossing that elevates this from a code execution issue to a full system compromise vulnerability.
RemediationAI
Primary remediation requires upgrading IP Setting Software to the patched version specified in i-PRO's security advisory at https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories. Exact patched version number not confirmed in NVD data - consult vendor advisory directly. During patch deployment window, implement these compensating controls: (1) Restrict IP Setting Software installation to dedicated administrative workstations with single-user access to eliminate privilege escalation opportunities. (2) Configure application directories with strict NTFS permissions preventing standard users from writing files, blocking DLL planting in application folders. (3) Enable Windows application whitelisting (AppLocker or Windows Defender Application Control) to prevent unsigned DLL loading from non-system paths - note this may impact legitimate software updates and requires testing. (4) Deploy endpoint detection solutions monitoring for DLL hijacking indicators such as unusual DLL loads from writable directories. (5) Run IP Setting Software from read-only network shares when possible, though this may impact functionality. Trade-off consideration: Restricting write access to application directories can interfere with software auto-update mechanisms. Monitor the JVN advisory at https://jvn.jp/en/jp/JVN42090270/ for additional technical details as the coordinated disclosure progresses.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25194
GHSA-j3m8-qm5j-mgwc