CVE-2025-20094

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN66673020/	Third Party Advisory
https://www.hummingheads.co.jp/dep/storelist/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:hummingheads:defense_platform:*:*:*:*:home:*:*:*

History

04 Feb 2026, 20:24

Type	Values Removed	Values Added
Summary		(es) Existe un problema de canal de mensajería de Windows desprotegido ("Shatter") en Defense Platform Home Edition Ver.3.9.51.x y versiones anteriores. Si un atacante envía un mensaje especialmente manipulado al proceso específico del sistema Windows donde se ejecuta el producto, se puede ejecutar código arbitrario con privilegio SYSTEM.
CPE		cpe:2.3:a:hummingheads:defense_platform:::::home:::*
References	~~() https://jvn.jp/en/jp/JVN66673020/ -~~	() https://jvn.jp/en/jp/JVN66673020/ - Third Party Advisory
References	~~() https://www.hummingheads.co.jp/dep/storelist/ -~~	() https://www.hummingheads.co.jp/dep/storelist/ - Product
First Time		Hummingheads Hummingheads defense Platform

06 Feb 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-06 08:15

Updated : 2026-02-04 20:24

NVD link : CVE-2025-20094

Mitre link : CVE-2025-20094

CVE.ORG link : CVE-2025-20094

JSON object : View

Products Affected

hummingheads

defense_platform

CWE

CWE-422

Unprotected Windows Messaging Channel ('Shatter')

8.8 /10