CVE-2025-4525 – Discord WINSTA.dll Uncontrolled Search Path Vulnerability

May 10, 2025

CVE ID : CVE-2025-4525

Published : May 10, 2025, 11:15 p.m. | 1 hour, 9 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleUIBeam is a lightweight, JSX-style HTML template engine

Next Article CVE-2025-47816 – GNU PSPP XML Processing Out-of-Bounds Read Vulnerability

Highlights

CVE-2025-5986 – Thunderbird Automatic PDF Download Vulnerability

June 11, 2025

CVE ID : CVE-2025-5986

Published : June 11, 2025, 12:15 p.m. | 1 hour, 11 minutes ago

Description : A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user’s desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4525 – Discord WINSTA.dll Uncontrolled Search Path Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

IPFire 2.29 Core Update 194: Tutte le novità del firewall GNU/Linux con kernel 6.12 LTS

GitHub introduces security campaigns to help developers reduce security debt

CVE-2025-3280 – ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection

I tested Shure’s most affordable USB microphone to see if this legendary brand is also the best bang for your buck

CVE-2025-5986 – Thunderbird Automatic PDF Download Vulnerability

CVE-2025-28381 – OpenC3 COSMOS Environment Variable Credential Leak

JavaScript Pulse: Weekly Dev Digest – May 2, 2025

CVE-2025-4206 – Groundhogg WordPress File Deletion Vulnerability (Arbitrary File Deletion)

CVE-2025-4525 – Discord WINSTA.dll Uncontrolled Search Path Vulnerability

Related Posts