Remote Code Execution Vulnerability in Malwarebytes Binisoft Windows Firewall Control
CVE-2024-25089

9.8CRITICAL

Key Information:

Vendor: Malwarebytes
Status: Binisoft Windows Firewall Control
Vendor: CVE Published:; 4 February 2024

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2024-25089?

The vulnerability in Malwarebytes Binisoft Windows Firewall Control prior to version 6.9.9.2 allows remote attackers to exploit the application through gRPC named pipes, enabling them to execute arbitrary code on the target system. This vulnerability can lead to serious security breaches, making it imperative for users to upgrade to the latest version to mitigate potential risks.

References

https://hackerone.com/reports/2300061

https://www.binisoft.org/changelog.txt

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2024
Vulnerability Reserved
Feb 4, 2024

CVE-2024-25089 Data

JSON