CVE-2025-0733: Postman profapi.dll untrusted search path
First published: Mon Jan 27 2025(Updated: )
A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| antsle Antman | <=11.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0733?
CVE-2025-0733 is classified as a problematic vulnerability.
How do I fix CVE-2025-0733?
To address CVE-2025-0733, update Postman to a version higher than 11.20.
Which versions of Postman are affected by CVE-2025-0733?
CVE-2025-0733 affects all versions of Postman up to and including 11.20.
What type of vulnerability is CVE-2025-0733?
CVE-2025-0733 is characterized as an untrusted search path vulnerability.
Is CVE-2025-0733 exploitable remotely?
CVE-2025-0733 requires a local attack to be exploited.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/source
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/postman
- canonical/antsle antman