Unprotected Windows Messaging Channel ('Shatter')

CVE-2025-20094

High

8.8/10

Summary

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-422 - Unprotected Windows Messaging Channel ('Shatter')

The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

References

Advisory Timeline

Published Feb 06, 2025

Unprotected Windows Messaging Channel ('Shatter')

CVE-2025-20094

Summary

CWE-422 - Unprotected Windows Messaging Channel ('Shatter')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS