CVE-2025-22894

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Published Feb 6, 2025

CWE ID 422

Summary

CVE-2025-22894 is a vulnerability affecting Defense Platform Home Edition Version 3.9.51.x and earlier. This issue involves an unprotected Windows messaging channel, specifically referred to as 'Shatter.' An attacker can exploit this weakness by sending a carefully crafted message to a specific process running on the Windows system where the product is installed. By taking advantage of this vulnerability, the attacker can manipulate arbitrary files within the system, potentially executing an arbitrary DLL with SYSTEM privilege.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/21QoqX
https://www.cve.org/CVERecord?id=CVE-2025-22894
https://nvd.nist.gov/vuln/detail/CVE-2025-22894

Back to Vulnerability Database

CVE-2025-22894

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations