Vulnerability Description
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13051?
CVE-2025-13051 is a documented vulnerability. When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service r...
How severe is CVE-2025-13051?
CVSS scoring is not yet available for CVE-2025-13051. Check NVD for updates.
Is there a patch for CVE-2025-13051?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.