CVE-2025-1804

Published: Mar 1, 2025

Modified: Mar 7, 2025

PUBLISHED

CVSS v3.1

7.0

HIGH

Description

A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level.

Vendor	Product	Versions
Blizzard	Battle.Net	affected `2.39.0.15212`

Weaknesses (CWE)

CWE-427

CWE-426

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

VDB-298040 | Blizzard Battle.Net profapi.dll uncontrolled search path

vdb-entry

technical-description

VDB-298040 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #485034 | Blizzard Battle.net 2.39.0.15212 Command Injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-1804

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References