Privilege Escalation Vulnerability in Everything by Voidtools
CVE-2025-12683

7.3HIGH

Key Information:

Vendor: Voidtools
Status: Everything
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-12683?

A vulnerability in Everything, a search tool by Voidtools, stems from the service running with SYSTEM privileges and communicating with its GUI via a named pipe that has a NULL Discretionary Access Control List (DACL). This misconfiguration grants all users unrestricted access to the named pipe, potentially allowing a low-privileged user to exploit this weakness for service denial or privilege escalation when combined with other vulnerabilities.

Affected Version(s)

Everything 1.4.1.1029

References

https://www.voidtools.com/

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Nov 4, 2025

Credit

Abdul Mhanni

JSON