CVE-2025-71178

HIGH EPSS 8.2%

Published Jan 26, 20265mo ago · Modified Jun 17, 20261w ago

7.1 CVSS 4.0

High

Published Jan 26, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges.

CVSS Details

Base Score

7.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction A

Scope X

Threat Intelligence

EPSS Exploit Probability

8.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-427

References 2

eu.crucial.com https://eu.crucial.com/support/storage-executive
vulncheck.com https://www.vulncheck.com/advisories/crucial-storage-executive-installer-dll-preloading-lpe

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.