Description

Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability.

INFO

Published Date :

2025-02-18T22:40:59.053Z

Last Modified :

2025-02-19T15:02:27.244Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-26624 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26624.

URL Resource
https://github.com/pbatard/rufus/commit/74dfa49707fd626b58d776d3400295740a29e23e cve-icon cve-icon
https://github.com/pbatard/rufus/security/advisories/GHSA-p8p5-r296-g2jv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability