CVE-2025-5180

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wondershare:filmora:14.5.16:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*

History

03 Jun 2025, 15:45

Type Values Removed Values Added
CPE cpe:2.3:a:wondershare:filmora:14.5.16:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*
First Time Wondershare
Wondershare filmora
Microsoft
Microsoft windows
References () https://gist.github.com/shellkraft/aa66561e984e83052bd080f195a3ec80 - () https://gist.github.com/shellkraft/aa66561e984e83052bd080f195a3ec80 - Exploit
References () https://vuldb.com/?ctiid.310268 - () https://vuldb.com/?ctiid.310268 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.310268 - () https://vuldb.com/?id.310268 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.580226 - () https://vuldb.com/?submit.580226 - Third Party Advisory, VDB Entry

28 May 2025, 18:15

Type Values Removed Values Added
References () https://gist.github.com/shellkraft/aa66561e984e83052bd080f195a3ec80 - () https://gist.github.com/shellkraft/aa66561e984e83052bd080f195a3ec80 -

28 May 2025, 15:01

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como crítica en Wondershare Filmora 14.5.16. Este problema afecta a una funcionalidad desconocida en la librería CRYPTBASE.dll del archivo NFWCHK.exe del instalador de componentes. Esta manipulación genera una ruta de búsqueda incontrolada. Es necesario realizar un ataque local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.

26 May 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-26 10:15

Updated : 2025-06-03 15:45


NVD link : CVE-2025-5180

Mitre link : CVE-2025-5180

CVE.ORG link : CVE-2025-5180


JSON object : View

Products Affected

wondershare

  • filmora

microsoft

  • windows
CWE
CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element