Uncontrolled Search Path Vulnerability in SunloginClient by Shanghai Bairui Information Technology
CVE-2025-4532

7.3HIGH

Key Information:

Vendor

Shanghai Bairui Information Technology

Status
Sunloginclient
Vendor
CVE Published:
11 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-4532?

A vulnerability has been identified in SunloginClient 15.8.3.19819 from Shanghai Bairui Information Technology, affecting the process.dll library in the sunlogin_guard.exe file. This issue permits an attacker with local access to manipulate the search path, potentially allowing for further exploitation. Although the complexity of the attack is high and difficult to execute, the exploit has been publicly disclosed. Despite reaching out to the vendor prior to the disclosure, there has been no response. This highlights the ongoing risks associated with unpatched vulnerabilities.

Affected Version(s)

SunloginClient 15.8.3.19819

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4532 - Proof of Concept

References

https://vuldb.com/?id.308277
vdb-entry
https://vuldb.com/?ctiid.308277
signaturepermissions-required
https://vuldb.com/?submit.566141
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ba1_Ma0 (VulDB User)
.
CVE-2025-4532 : Uncontrolled Search Path Vulnerability in SunloginClient by Shanghai Bairui Information Technology