CVE-2025-4539: Hainan ToDesk DLL File Parser profapi.dll uncontrolled search path
First published: Sun May 11 2025(Updated: )
A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hainan ToDesk | =4.7.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4539?
CVE-2025-4539 has been declared as critical.
How do I fix CVE-2025-4539?
To fix CVE-2025-4539, update Hainan ToDesk to the latest version recommended by the vendor.
What component is affected by CVE-2025-4539?
CVE-2025-4539 affects the profapi.dll in Hainan ToDesk 4.7.6.3.
What kind of vulnerability is CVE-2025-4539?
CVE-2025-4539 is a vulnerability that leads to an uncontrolled search path.
Can CVE-2025-4539 be exploited remotely?
Yes, CVE-2025-4539 can potentially allow an attacker to execute code on the affected system.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/hainan
- canonical/hainan todesk