Untrusted Search Path Vulnerability in Discord for Windows
CVE-2025-0732

2LOW

Key Information:

Vendor

Discord

Status
Discord
Vendor
CVE Published:
27 January 2025

What is CVE-2025-0732?

A vulnerability exists in the Discord application for Windows, specifically related to an untrusted search path in the profapi.dll library. This design flaw can potentially allow malicious local users to influence the search path during execution, thereby leading to the execution of arbitrary or unintended code. Although this exploitation is technically complex and difficult to carry out, it presents significant risks if successfully executed. Despite early notification to the vendor regarding this issue, there has been no acknowledgment or response to address the vulnerability.

Affected Version(s)

Discord 1.0.9177

References

https://vuldb.com/?id.293510
vdb-entry
https://vuldb.com/?ctiid.293510
signaturepermissions-required
https://vuldb.com/?submit.481209
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
.