Command Injection Vulnerability in In Progress Telerik UI for WinUI
CVE-2024-12251

7.8HIGH

Key Information:

Vendor

Progress Software
Status
Telerik Ui For Winui
Vendor
CVE Published:
12 February 2025

What is CVE-2024-12251?

A command injection vulnerability exists in In Progress® Telerik® UI for WinUI prior to version 2025 Q1 (3.0.0). This issue arises from inadequate neutralization of hyperlink elements, allowing an attacker to execute arbitrary commands. Proper mitigation is essential to prevent exploitation and ensure application security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Telerik UI for WinUI Windows 2.0.0 < 3.0.0

References

https://docs.telerik.com/devtools/winui/security/kb-secur...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.