Cyber Posture

CVE-2025-41670

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 27 May 2026

Published
27 May 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41670 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 9.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are…

more

not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-427
OWASP Top 10 Web 2025
A08:2025

Affected Products

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

EU & UK References

References