CVE-2025-12683

Vulnerability Description

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.

Related Weaknesses (CWE)

CWE-269

References

https://www.voidtools.com/

FAQ

What is CVE-2025-12683?

CVE-2025-12683 is a documented vulnerability. The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permissio...

How severe is CVE-2025-12683?

CVSS scoring is not yet available for CVE-2025-12683. Check NVD for updates.

Is there a patch for CVE-2025-12683?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.