DLL Search Order Hijacking in Wave.exe for Windows 11 by Grandstream Networks
CVE-2025-40979

7 HIGH

Key Information:

CVE Published: 10 September 2025

What is CVE-2025-40979?

A DLL search order hijacking vulnerability exists in the Wave.exe executable for Windows 11, specifically in version 1.27.8. An attacker with local access can exploit this vulnerability by placing a malicious file in the 'C:\Users\AppData\Local\Temp' directory. This could result in the execution of arbitrary code, allowing the attacker to potentially gain persistent access to the system. This security issue is exclusive to Windows 11 and does not affect earlier versions.

Affected Version(s)

Wave 0 < 1.27.11

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alexander Huaman Jaimes