CVE-2025-1804

HIGH EPSS 6.3%

Published Mar 1, 20251y ago · Modified Jun 17, 20261w ago

7.3 CVSS 4.0

High

Published Mar 1, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level.

CVSS Details

Base Score

7.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

6.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-426

CWE-427

References 3

vuldb.com https://vuldb.com/?ctiid.298040
vuldb.com https://vuldb.com/?id.298040
vuldb.com https://vuldb.com/?submit.485034

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.