DLL search order hijack in Wave by Grandstream Networks

7 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.

Basic Information

ID CVE-2025-40979

Source INCIBE

Published Sep 10, 2025 at 11:35

Affected Product

Vendor Grandstream Networks

Product Wave

Affected Versions Grandstream Networks Wave 0

CWE Classification

CWE-427

References

www.incibe.es /en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networks

{
    "lastseen": "",
    "description": "DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\\Users<user>\\AppData\\Local\\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.",
    "published": "2025-09-10T11:35:57.252Z",
    "modified": "2025-09-10T11:35:57.252Z",
    "type": "cve",
    "title": "DLL search order hijack in Wave by Grandstream Networks",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/dll-search-order-hijack-wave-grandstream-networks",
    "id": "CVE-2025-40979",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "Grandstream Networks Wave 0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Wave",
    "version": "0",
    "vendor": "Grandstream Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

DLL search order hijack in Wave by Grandstream Networks_CVE-2025-40979