CVE-2025-71178

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges.

CVSS

No CVSS.

References

Link	Resource
https://eu.crucial.com/support/storage-executive
https://www.vulncheck.com/advisories/crucial-storage-executive-installer-dll-preloading-lpe

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Las versiones del instalador de Crucial Storage Executive anteriores a la 11.08.082025.00 contienen una vulnerabilidad de precarga de DLL. Durante la instalación, el instalador se ejecuta con privilegios elevados y carga DLL de Windows utilizando una ruta de búsqueda no controlada, lo que puede provocar que se cargue una DLL maliciosa colocada junto al instalador en lugar de la librería del sistema prevista. Un atacante local que pueda convencer a una víctima para que ejecute el instalador desde un directorio que contenga la DLL proporcionada por el atacante puede lograr la ejecución de código arbitrario con privilegios de administrador.

26 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-26 18:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-71178

Mitre link : CVE-2025-71178

CVE.ORG link : CVE-2025-71178

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-71178", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-26T18:16:28.103", "references": [{"url": "https://eu.crucial.com/support/storage-executive", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/crucial-storage-executive-installer-dll-preloading-lpe", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges."}, {"lang": "es", "value": "Las versiones del instalador de Crucial Storage Executive anteriores a la 11.08.082025.00 contienen una vulnerabilidad de precarga de DLL. Durante la instalaci\u00f3n, el instalador se ejecuta con privilegios elevados y carga DLL de Windows utilizando una ruta de b\u00fasqueda no controlada, lo que puede provocar que se cargue una DLL maliciosa colocada junto al instalador en lugar de la librer\u00eda del sistema prevista. Un atacante local que pueda convencer a una v\u00edctima para que ejecute el instalador desde un directorio que contenga la DLL proporcionada por el atacante puede lograr la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de administrador."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}