{“lastseen”:””,”description”:”When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.\\nThis issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.”,”published”:”2025-11-19T02:50:57.285Z”,”modified”:”2025-11-19T03:15:31.719Z”,”type”:”cve”,”title”:”Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges”,”source”:”ASUSTOR1″,”references”:”https:\/\/www.asustor.com\/security\/security_advisory_detail?id=48″,”id”:”CVE-2025-13051″,”bulletinFamily”:””,”cwe”:[“CWE-427″],”cvelist”:null,”sourceData”:”ASUSTOR ABP and AES ABP 2.0\\nASUSTOR ABP and AES AES 1.0″,”sourceHref”:””,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:H\/SI:H\/SA:H”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”ABP and AES”,”version”:”ABP 2.0″,”vendor”:”ASUSTOR”,”ai_description”:”Uncontrolled search path element vulnerability allowing unauthorized code execution with elevated privileges”,”ai_severity”:”Critical”,”ai_vendor”:”ASUSTOR”,”ai_product”:”ABP and AES”,”ai_version”:”ABP 2.0 through 2.0.7.9050, AES 1.0 through 1.0.6.8290″,”ai_score”:9.3}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,55,12,13,7,11,5],"class_list":["post-26837","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n