CVE-2025-61161

Published: Oct 29, 2025

Modified: Oct 29, 2025

PUBLISHED

Description

DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. The vulnerable component is Evope.Service.exe, which runs with SYSTEM privileges and automatically loads the DLL on startup or reboot.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.evope.tech/

https://xavilok.es/dll-hijacking-in-evopeservice--system-to-gui-shell

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-61161

Description

Affected Products

References