Strix
26.1K

CVE-2025-12418

MEDIUMCVSS 5.6/10EPSS 0.13%

Last modified

CVE-2025-12418 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.

Metrics

CVSS 4.0
5.6/10

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.13%

3.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2025-12418?
Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.
How severe is CVE-2025-12418?
CVE-2025-12418 has a CVSS score of 5.6/10 (MEDIUM severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2025-12418?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-12418?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST