CVE-2025-4525: Discord WINSTA.dll uncontrolled search path
First published: Sat May 10 2025(Updated: )
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discord Top.gg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4525?
CVE-2025-4525 has been classified as a critical vulnerability.
How does CVE-2025-4525 affect Discord?
CVE-2025-4525 affects an unknown functionality in the WINSTA.dll library of Discord.
What type of attack does CVE-2025-4525 facilitate?
CVE-2025-4525 allows for uncontrolled search path manipulation, requiring local access for exploitation.
What version of Discord is impacted by CVE-2025-4525?
CVE-2025-4525 impacts Discord version 1.0.9188 on Windows.
How can I mitigate the risks associated with CVE-2025-4525?
Mitigation of CVE-2025-4525 involves updating to a patched version of Discord once it becomes available.
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/references
- agent/first-publish-date
- agent/title
- agent/type
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/discord
- canonical/discord top.gg