Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13433

Source VulDB

Published Nov 20, 2025 at 00:32

Affected Product

Vendor Muse Group

Product MuseHub

Version 2.1.0.1567

Affected Versions Muse Group MuseHub 2.1.0.1567

CWE Classification

CWE-428 CWE-426

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\\Program Files\\WindowsApps\\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-11-20T00:32:05.854Z",
    "modified": "2025-11-20T00:32:05.854Z",
    "type": "cve",
    "title": "Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332977\nhttps://vuldb.com/?ctiid.332977\nhttps://vuldb.com/?submit.687547\nhttps://github.com/lakshayyverma/CVE-Discovery/blob/main/Musehub.md",
    "id": "CVE-2025-13433",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428",
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Muse Group MuseHub 2.1.0.1567",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MuseHub",
    "version": "2.1.0.1567",
    "vendor": "Muse Group",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path_CVE-2025-13433