CVE-2025-7427

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://developer.arm.com/documentation/110691	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*

History

18 Dec 2025, 17:19

Type	Values Removed	Values Added
First Time		Arm Arm arm Development Studio
References	~~() https://developer.arm.com/documentation/110691 -~~	() https://developer.arm.com/documentation/110691 - Vendor Advisory
CPE		cpe:2.3:a:arm:arm_development_studio::::::::

23 Jul 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
Summary		(es) Un elemento de ruta de búsqueda no controlado en Arm Development Studio antes de 2025 podría permitir a un atacante realizar un ataque de secuestro de DLL. Una explotación exitosa podría provocar la ejecución local de código arbitrario en el contexto del usuario que ejecuta Arm Development Studio.

22 Jul 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-22 10:15

Updated : 2025-12-18 17:19

NVD link : CVE-2025-7427

Mitre link : CVE-2025-7427

CVE.ORG link : CVE-2025-7427

JSON object : View

Products Affected

arm

arm_development_studio

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-7427", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}]}, "published": "2025-07-22T10:15:25.923", "references": [{"url": "https://developer.arm.com/documentation/110691", "tags": ["Vendor Advisory"], "source": "arm-security@arm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "arm-security@arm.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element in Arm Development Studio before 2025\u00a0may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio."}, {"lang": "es", "value": "Un elemento de ruta de b\u00fasqueda no controlado en Arm Development Studio antes de 2025 podr\u00eda permitir a un atacante realizar un ataque de secuestro de DLL. Una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n local de c\u00f3digo arbitrario en el contexto del usuario que ejecuta Arm Development Studio."}], "lastModified": "2025-12-18T17:19:19.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52620C12-2C92-491C-A07E-79D90EF5BBB0", "versionEndExcluding": "2025.0"}], "operator": "OR"}]}], "sourceIdentifier": "arm-security@arm.com"}