Refine your search
2 vulnerabilities found for by Revenera
CVE-2025-12418 (GCVE-0-2025-12418)
Vulnerability from cvelistv5
Published
2025-11-07 21:27
Modified
2025-11-13 14:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revenera | InstallShield |
Version: 2023.R1 ≤ 2023.R2 Version: 2024.R1 ≤ 2024.R2 Version: 2025.R1 < InstallShield2025R1-CVE-2025-12418-SecurityPatch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:26:00.754643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:26:11.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "InstallShield",
"vendor": "Revenera",
"versions": [
{
"changes": [
{
"at": "InstallShield2023R2-CVE-2025-12418-SecurityPatch",
"status": "unaffected"
}
],
"lessThanOrEqual": "2023.R2",
"status": "affected",
"version": "2023.R1",
"versionType": "semver"
},
{
"changes": [
{
"at": "InstallShield2024R2-CVE-2025-12418-SecurityPatch",
"status": "unaffected"
}
],
"lessThanOrEqual": "2024.R2",
"status": "affected",
"version": "2024.R1",
"versionType": "semver"
},
{
"lessThan": "InstallShield2025R1-CVE-2025-12418-SecurityPatch",
"status": "affected",
"version": "2025.R1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revenera:installshield:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "2023.r2",
"versionStartIncluding": "2023.r1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revenera:installshield:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "2024.r2",
"versionStartIncluding": "2024.r1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revenera:installshield:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "installshield2025r1-cve-2025-12418-securitypatch",
"versionStartIncluding": "2025.r1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes\u0026nbsp;InstallShield2025R1-CVE-2025-12418-SecurityPatch, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstallShield2024R2-CVE-2025-12418-SecurityPatch, and\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstallShield2023R2-CVE-2025-12418-SecurityPatch.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes\u00a0InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and\u00a0InstallShield2023R2-CVE-2025-12418-SecurityPatch."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T21:27:04.650Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"url": "https://community.revenera.com/s/article/CVE-2025-12418-Potential-Unintended-File-Deletion-Issue-Caused-by-InstallShield-Suite-Uninstallation-Process"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply hotfixes\u0026nbsp;InstallShield2025R1-CVE-2025-12418-SecurityPatch,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstallShield2024R2-CVE-2025-12418-SecurityPatch, or\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstallShield2023R2-CVE-2025-12418-SecurityPatch.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Apply hotfixes\u00a0InstallShield2025R1-CVE-2025-12418-SecurityPatch,\u00a0InstallShield2024R2-CVE-2025-12418-SecurityPatch, or\u00a0InstallShield2023R2-CVE-2025-12418-SecurityPatch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Denial of Service in Supported Versions of Revenera InstallShield",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2025-12418",
"datePublished": "2025-11-07T21:27:04.650Z",
"dateReserved": "2025-10-28T16:09:55.027Z",
"dateUpdated": "2025-11-13T14:26:11.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14012 (GCVE-0-2024-14012)
Vulnerability from cvelistv5
Published
2025-10-29 15:30
Modified
2025-10-29 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revenera | InstallShield |
Version: 2023.R1 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T17:40:07.042413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T17:40:17.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "InstallShield",
"vendor": "Revenera",
"versions": [
{
"status": "affected",
"version": "2023.R1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revenera:installshield:2023.r1:*:windows:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later."
}
],
"value": "Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:30:53.784Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"url": "https://community.revenera.com/s/article/CVE-2024-14012-Potential-Privilege-Escalation-in-InstallShield-2023-R1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to Revenera InstallShield 2023 R2 or later."
}
],
"value": "Update to Revenera InstallShield 2023 R2 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Privilege Escalation in Revenera InstallShield 2023 R1",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2024-14012",
"datePublished": "2025-10-29T15:30:53.784Z",
"dateReserved": "2025-10-28T16:10:03.710Z",
"dateUpdated": "2025-10-29T17:40:17.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}