{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7884","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-07-19T07:51:49.196Z","datePublished":"2025-07-20T11:02:05.370Z","dateUpdated":"2025-07-21T14:31:49.031Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-07-20T11:02:05.370Z"},"title":"Eluktronics Control Center REG File data authenticity","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-345","lang":"en","description":"Insufficient Verification of Data Authenticity"}]}],"affected":[{"vendor":"Eluktronics","product":"Control Center","versions":[{"version":"5.23.51.41","status":"affected"}],"modules":["REG File Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In Eluktronics Control Center 5.23.51.41 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente REG File Handler. Dank Manipulation mit unbekannten Daten kann eine insufficient verification of data authenticity-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.3,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1.7,"vectorString":"AV:L/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-07-19T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-07-19T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-07-19T09:56:55.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"pipapupa (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.316999","name":"VDB-316999 | Eluktronics Control Center REG File data authenticity","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.316999","name":"VDB-316999 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.611436","name":"Submit #611436 | Eluktronics Control Center 5.23.51.41 Unsafe Registry Execution via Modifiable .reg Files","tags":["third-party-advisory"]},{"url":"https://drive.proton.me/urls/5PQ1VRZ3CG#M2JyUWapaX85","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://drive.proton.me/urls/5PQ1VRZ3CG#M2JyUWapaX85","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-21T14:31:46.276121Z","id":"CVE-2025-7884","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-21T14:31:49.031Z"}}]}}