CVE-2025-24845

Published: Feb 6, 2025Modified: Jan 30, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition.

Affected (1)

Products: Hummingheads: Defense Platform

1 product

Defense Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hummingheads Defense Platform	Up to 3.9.51.0

Related CWEs

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (2)

https://jvn.jp/en/jp/JVN66673020/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.hummingheads.co.jp/dep/storelist/

Source: vultures@jpcert.or.jp

Product

Timeline

No history available yet.