Improper Validation in Comodo Internet Security Premium 12.3.4.8162
CVE-2025-7096
What is CVE-2025-7096?
A significant security vulnerability has been identified in Comodo Internet Security Premium 12.3.4.8162, specifically located in the component Manifest File Handler within the file cis_update_x64.xml. This flaw arises from the improper validation of an integrity check value, which may allow an attacker to perform remote manipulation. Although the complexity of exploiting this vulnerability may be high, the potential risk remains due to its public disclosure. It is important to note that the vendor was alerted regarding this issue but did not respond.
Affected Version(s)
Internet Security Premium 12.3.4.8162
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved