Untrusted Search Path Vulnerability in Kong Insomnia up to Version 10.3.0
CVE-2025-1353

7.3 HIGH

Key Information:

Vendor

Kong

Status
Vendor
CVE Published: 16 February 2025

What is CVE-2025-1353?

Kong Insomnia versions up to 10.3.0 contain an untrusted search path vulnerability caused by improper handling within the profapi.dll library. A malicious local user who can manipulate the system's search path could achieve arbitrary code execution under specific circumstances. The attack vector is local and exploitation is complex. The issue underlines the importance of secure coding practices and vulnerability management processes.

Affected Version(s)

Insomnia 10.0

Insomnia 10.1

Insomnia 10.2

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)