216.73.217.64

CVE-2025-26624

· Published 18/02/2025 23:15 · Modified 18/02/2025 23:15

Labels: CVE-2025-26624 2025-02-18CVE-2025-26624CWE-426[email protected]

Essential information

Published
18/02/2025 23:15
Modified
18/02/2025 23:15
Author
Creator
CISA KEV
No
CWE

Description

Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References