Arbitrary Code Execution Vulnerability in Seagate Toolkit for Windows
CVE-2025-9267

7 HIGH

Key Information:

Vendor: Seagate

Status
Vendor
CVE Published: 26 September 2025

What is CVE-2025-9267?

The Toolkit Installer in Seagate Toolkit for Windows, prior to version 2.35.0.6, loads dynamic link libraries (DLLs) from the current working directory without validating their source or integrity. An attacker could exploit this flaw by placing a malicious DLL alongside the installer executable, potentially achieving arbitrary code execution with the privileges of the user running the installer. The vulnerability arises from insecure DLL loading practices, such as using relative paths or failing to use fully qualified paths when loading system libraries. Users are advised to update to the latest version to mitigate this issue.
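
A pre-run check for the condition described above, as an added example that is not Seagate's code or part of the original advisory: it lists any DLLs sitting beside an installer and stages the installer alone in an empty directory before launch. The helper names `colocated_dlls` and `stage_alone`, the file names, and the sample folder are all hypothetical and constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def colocated_dlls(installer):
    """Names of .dll files in the installer's own directory (case-insensitive)."""
    folder = Path(installer).resolve().parent
    return sorted(
        p.name for p in folder.iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"
    )


def stage_alone(installer):
    """Copy only the installer into a new, empty directory.

    Launching the copy with that directory as the working directory leaves
    nothing beside it for a relative DLL lookup to pick up.
    """
    clean_dir = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    return Path(shutil.copy2(installer, clean_dir))


def demo():
    """Constructed download folder: one installer plus a stray DLL."""
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    installer = downloads / "ExampleInstaller.exe"  # constructed file name
    installer.write_bytes(b"MZ constructed placeholder, not a real installer")
    (downloads / "Planted_Example.DLL").write_bytes(b"constructed")  # stray DLL
    (downloads / "notes.txt").write_text("unrelated file")

    before = colocated_dlls(installer)   # DLLs beside the download
    staged = stage_alone(installer)
    after = colocated_dlls(staged)       # DLLs beside the staged copy
    shutil.rmtree(downloads)
    shutil.rmtree(staged.parent)
    return before, after


if __name__ == "__main__":
    found, remaining = demo()
    print("DLLs beside the downloaded installer:", found)
    print("DLLs beside the staged copy:", remaining)
```

Staging only reduces exposure when an installer has to be run from a shared or download folder; the fix for this issue remains updating to a version that is not affected.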

Affected Version(s)

Toolkit Windows 0 < 2.35.0.6

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
