CVE-2025-0732: Discord profapi.dll untrusted search path
First published: Mon Jan 27 2025(Updated: )
A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discord | <=1.0.9177 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0732?
CVE-2025-0732 is classified as a problematic vulnerability.
What type of vulnerability is CVE-2025-0732?
CVE-2025-0732 involves untrusted search path manipulation in the profapi.dll library.
How do I fix CVE-2025-0732?
To mitigate CVE-2025-0732, update Discord to a version later than 1.0.9177.
Which versions of Discord are affected by CVE-2025-0732?
CVE-2025-0732 affects Discord versions up to 1.0.9177 on Windows.
Is CVE-2025-0732 a remote vulnerability?
CVE-2025-0732 requires local access to exploit the vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/source
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/discord
- canonical/discord