Unquoted Search Path Vulnerability in Muse Group MuseHub Software
CVE-2025-13433

7.3HIGH

Key Information:

Vendor

Muse Group

Status
Musehub
Vendor
CVE Published:
20 November 2025

What is CVE-2025-13433?

A security flaw has been identified in Muse Group's MuseHub 2.1.0.1567, specifically affecting an unknown function within the Muse.Updater.exe file of the Windows Service component. This vulnerability arises from the presence of an unquoted search path, which could be exploited by an attacker with local access. The complexity of successfully executing an exploit is rated as high, making the attack challenging. Despite the disclosure being communicated to the vendor, no response has been recorded.

Affected Version(s)

MuseHub 2.1.0.1567

References

https://vuldb.com/?id.332977
vdb-entry
https://vuldb.com/?ctiid.332977
signaturepermissions-required
https://vuldb.com/?submit.687547
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lakshay12311 (VulDB User)
JSON
.
CVE-2025-13433 : Unquoted Search Path Vulnerability in Muse Group MuseHub Software