CVE-2026-25792

{"id": "CVE-2026-25792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.6}]}, "published": "2026-03-20T11:18:01.753", "references": [{"url": "https://github.com/greenshot/greenshot/security/advisories/GHSA-f8v9-7fph-fr2j", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application\u2019s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication."}, {"lang": "es", "value": "Greenshot es una utilidad de captura de pantalla de c\u00f3digo abierto para Windows. Las versiones 1.3.312 e inferiores tienen una vulnerabilidad de ruta de b\u00fasqueda de ejecutables no confiable / secuestro de binarios que permite a un atacante local ejecutar c\u00f3digo arbitrario cuando la aplicaci\u00f3n de Windows afectada inicia explorer.exe sin usar una ruta absoluta. El comportamiento vulnerable se activa cuando el usuario hace doble clic en el icono de la bandeja de la aplicaci\u00f3n, lo que abre el directorio que contiene la captura de pantalla m\u00e1s reciente capturada por la aplicaci\u00f3n. Al colocar un ejecutable malicioso con el mismo nombre en una ubicaci\u00f3n buscada antes que el binario leg\u00edtimo de Windows, un atacante puede obtener la ejecuci\u00f3n de c\u00f3digo en el contexto de la aplicaci\u00f3n. Este problema no ten\u00eda un parche en el momento de la publicaci\u00f3n."}], "lastModified": "2026-03-23T15:51:14.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B340B100-847F-4824-9932-4C01557EFC42", "versionEndIncluding": "1.3.312"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}