CVE-2025-20094

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Feb 6, 2025

CWE ID 422

Summary

CVE-2025-20094 is a critical vulnerability affecting Defense Platform Home Edition Ver.3.9.51.x and earlier. This issue stems from an unprotected Windows messaging channel, specifically referred to as 'Shatter'. An attacker can exploit this vulnerability by sending a maliciously crafted message to a specific process of the Windows system where the product is installed. Successful exploitation allows the attacker to execute arbitrary code with SYSTEM privileges, posing a significant threat to the targeted system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/21QO4_
https://www.cve.org/CVERecord?id=CVE-2025-20094
https://nvd.nist.gov/vuln/detail/CVE-2025-20094

Back to Vulnerability Database

CVE-2025-20094

CVSS 3.0 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations