CVE-2026-25865

HIGH EPSS 4.5%

Published Jun 18, 20261w ago · Modified Jun 23, 20261w ago

8.5 CVSS 4.0

High

Published Jun 18, 2026 1w ago

Last Modified Jun 23, 2026 1w ago

Description

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

CVSS Details

Base Score

8.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

4.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-428

References 3

spektion.com https://spektion.com/articles/cve-2026-25865-punto-switcher
vulncheck.com https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec
yandex.ru https://yandex.ru/soft/punto

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.