CVE-2025-7427

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

U

ncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

References

Link	Resource
https://developer.arm.com/documentation/110691	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*

History

18 Dec 2025, 17:19

Type	Values Removed	Values Added
First Time		Arm arm Development Studio Arm
CPE		cpe:2.3:a:arm:arm_development_studio::::::::
References	~~() https://developer.arm.com/documentation/110691 -~~	() https://developer.arm.com/documentation/110691 - Vendor Advisory

23 Jul 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) Un elemento de ruta de búsqueda no controlado en Arm Development Studio antes de 2025 podría permitir a un atacante realizar un ataque de secuestro de DLL. Una explotación exitosa podría provocar la ejecución local de código arbitrario en el contexto del usuario que ejecuta Arm Development Studio.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

22 Jul 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-22 10:15

Updated : 2025-12-18 17:19

NVD link : CVE-2025-7427

Mitre link : CVE-2025-7427

CVE.ORG link : CVE-2025-7427

JSON object : View

Products Affected

arm_development_studio

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-7427", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}]}, "published": "2025-07-22T10:15:25.923", "references": [{"url": "https://developer.arm.com/documentation/110691", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025\u00a0may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio."}, {"lang": "es", "value": "Un elemento de ruta de b\u00fasqueda no controlado en Arm Development Studio antes de 2025 podr\u00eda permitir a un atacante realizar un ataque de secuestro de DLL. Una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n local de c\u00f3digo arbitrario en el contexto del usuario que ejecuta Arm Development Studio."}], "lastModified": "2025-12-18T17:19:19.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52620C12-2C92-491C-A07E-79D90EF5BBB0", "versionEndExcluding": "2025.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}