Improper Validation in Comodo Internet Security Premium 12.3.4.8162
CVE-2025-7096
9.2CRITICAL
What is CVE-2025-7096?
A significant security vulnerability has been identified in Comodo Internet Security Premium 12.3.4.8162, specifically located in the component Manifest File Handler within the file cis_update_x64.xml. This flaw arises from the improper validation of an integrity check value, which may allow an attacker to perform remote manipulation. Although the complexity of exploiting this vulnerability may be high, the potential risk remains due to its public disclosure. It is important to note that the vendor was alerted regarding this issue but did not respond.
Affected Version(s)
Internet Security Premium 12.3.4.8162
References
CVSS V4
Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
FPT IS Security (VulDB User)