CVE-2025-1353: Kong Insomnia profapi.dll untrusted search path
First published: Sun Feb 16 2025(Updated: )
A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insomnia | <=10.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1353?
CVE-2025-1353 is classified as a critical severity vulnerability.
What products are affected by CVE-2025-1353?
CVE-2025-1353 affects Kong Insomnia versions up to and including 10.3.0.
How do I fix CVE-2025-1353?
To fix CVE-2025-1353, update Kong Insomnia to a version that is not vulnerable.
What type of vulnerability is CVE-2025-1353?
CVE-2025-1353 is a vulnerability that leads to an untrusted search path issue.
What is the attack complexity for CVE-2025-1353?
The attack complexity for CVE-2025-1353 is considered to be rather high.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/source
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/description
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kong
- canonical/insomnia