216.73.217.98

CVE-2025-49148

· Published 11/06/2025 15:15 · Modified 12/06/2025 16:06

Labels: CVE-2025-49148 2025-06-11CVE-2025-49148CWE-427[email protected]

Essential information

Published
11/06/2025 15:15
Modified
12/06/2025 16:06
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
clipshare / clipshare cpe:2.3:a:clipshare:clipshare:3.8.5:*:*:*:*:*:*:*

References