216.73.217.64

CVE-2025-71178

· Published 26/01/2026 18:16 · Modified 27/01/2026 14:59

Labels: CVE-2025-71178 2026-01-26CVE-2025-71178CWE-427[email protected]

Essential information

Published
26/01/2026 18:16
Modified
27/01/2026 14:59
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
crucial / storage executive cpe:2.3:a:crucial:storage_executive:*:*:*:*:*:*:*:*

References