Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.
AnalysisAI
Local privilege escalation in eMPIA Technology AVACAST allows authenticated local users to execute arbitrary code with SYSTEM privileges by placing a malicious DLL in a specific directory exploited during application startup. This DLL hijacking vulnerability (CWE-427) requires low-complexity exploitation with no user interaction once local access is obtained. Taiwan's TWCERT issued advisories on this vulnerability, indicating regional awareness though no CISA KEV listing or public exploit code has been identified at time of analysis.
Technical ContextAI
The vulnerability stems from insecure library loading (CWE-427: Uncontrolled Search Path Element), commonly known as DLL hijacking. When AVACAST launches, Windows searches for required DLLs using a predictable search order that includes user-writable directories before system paths. The application fails to specify absolute paths or validate DLL signatures, allowing attackers with local access and low privileges (PR:L) to plant malicious DLLs in the search path. When the application or system service loads the DLL, the attacker's code executes with the elevated privileges of the loading process-in this case, SYSTEM level. The affected product is identified via CPE as eMPIA Technology AVACAST, though specific version ranges are not provided in available data. CVSS 4.0 scoring indicates local attack vector (AV:L), low complexity (AC:L), and high impact to confidentiality, integrity, and availability (VC:H/VI:H/VA:H) with no scope change (SC:N/SI:N/SA:N).
RemediationAI
Consult the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html for vendor-specific remediation guidance, as no independently confirmed patch version is available in NVD data at time of analysis. Organizations should contact eMPIA Technology directly for patch availability and update timelines. Until patched versions are deployed, implement compensating controls: (1) Restrict AVACAST installation directories to Administrator-only write permissions using NTFS ACLs, preventing standard users from placing files in application folders-this may break legitimate software updates requiring user intervention; (2) Deploy application whitelisting solutions (e.g., Windows Defender Application Control, AppLocker) configured to allow only signed DLLs from trusted publishers to load into AVACAST processes-this requires baseline policy development and may generate false positives during legitimate updates; (3) Monitor file creation events in AVACAST directories using EDR or SIEM tools, alerting on unauthorized DLL drops-generates operational overhead for security teams; (4) If AVACAST functionality permits, run the application with least-privilege service accounts rather than SYSTEM to limit post-exploitation impact-verify application functionality is maintained after privilege reduction.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26028