Uncontrolled Search Path Vulnerability in Blizzard Battle.Net on Windows
CVE-2025-1804

7.3HIGH

Key Information:

Vendor

Blizzard

Status
Battle.net
Vendor
CVE Published:
1 March 2025

What is CVE-2025-1804?

A vulnerability has been identified in Blizzard Battle.Net up to version 2.39.0.15212 on Windows, specifically within the profapi.dll library. This issue involves an uncontrolled search path that may allow local attackers to exploit the software. While the complexities of executing this attack are notably high, it remains essential for users to be aware of the potential risks and to implement appropriate security measures to safeguard their systems.

Affected Version(s)

Battle.Net 2.39.0.15212

References

https://vuldb.com/?id.298040
vdb-entrytechnical-description
https://vuldb.com/?ctiid.298040
signaturepermissions-required
https://vuldb.com/?submit.485034
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.