CVE-2025-22890

Published: Feb 6, 2025Modified: Feb 4, 2026

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.

Affected (1)

Products: Hummingheads: Defense Platform

Hummingheads

1 product

Defense Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hummingheads Defense Platform	Up to 3.9.51.0

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (2)

https://jvn.jp/en/jp/JVN66673020/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.hummingheads.co.jp/dep/storelist/

Source: vultures@jpcert.or.jp

Product

Timeline

No history available yet.