DLL Hijacking Vulnerability in TrueConf Client by TrueConf
CVE-2025-66835

7.1HIGH

Key Information:

Vendor: TrueConf
Status: TrueConf Client
Vendor: CVE Published:; 30 December 2025

What is CVE-2025-66835?

The TrueConf Client version 8.5.2 has a vulnerability that allows local attackers to exploit DLL hijacking through a specially crafted wfapi.dll file. This flaw enables attackers to execute arbitrary code within the context of a user's session, potentially compromising user data and system integrity. Users of the affected version should take immediate action to mitigate risks and update to a secure version.

References

http://trueconf.com

https://github.com/x00nullbit/CVE-References/blob/main/CV...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 8, 2025

CVE-2025-66835 Data

JSON