CVE-2025-1353

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.

CVSS v3 7.0 HIGH
CVSS v2.0 6.0 MEDIUM

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://vuldb.com/?ctiid.295961
https://vuldb.com/?id.295961
https://vuldb.com/?submit.496010

Configurations

No configuration.

History

26 Feb 2025, 08:13

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad en Kong Insomnia hasta la versión 10.3.0 y se ha clasificado como crítica. Este problema afecta a algunos procesos desconocidos en la librería profapi.dll. La manipulación conduce a una ruta de búsqueda no fiable. Un ataque debe abordarse de forma local. La complejidad de un ataque es bastante alta. Se sabe que su explotación es difícil. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera.
Summary	(en) A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.	(en) A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.

16 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-16 15:15

Updated : 2025-02-26 08:13

NVD link : CVE-2025-1353

Mitre link : CVE-2025-1353

CVE.ORG link : CVE-2025-1353

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

7.0 /10