CRITICAL🇵🇱 Wersja polska

CVE-2025-26155

CVSS 9.8v3.1pub. 2025-11-26upd. 2025-12-30

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.

🤖 AI Analysis
How it works

The Untrusted Search Path vulnerability occurs when an application does not restrict the search paths for executable files or dynamic libraries to trusted system locations during file lookup. An attacker can place a malicious file (such as a DLL library) in a location that will be searched before the correct system path. When the application loads the substituted file, the code supplied by the attacker is executed in the context of the VPN client process.

Impact

An attacker can gain full control over the victim's system by executing arbitrary code with the privileges of the VPN client process, which may lead to breach of confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the vendor in accordance with the references — detailed information about patched versions is available on the vendor's website (ncp-e.com) and in the Axians Pentest report (pentest.axians.de).

Who is affected

NCP Secure Enterprise Client version 13.18 and NCP Secure Entry Windows Client version 13.19.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ncp E Ncp Secure Entry Client

    APP
    Ncp-E
    13.19
  • Ncp E Secure Enterprise Client

    APP
    Ncp-E
    13.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-28872HIGH8.8ten sam produkt

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYST...

CVE-2023-28868HIGH8.1ten sam produkt

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on t...

CVE-2020-11474HIGH7.8ten sam produkt

NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assi...

CVE-2017-17023HIGH8.1ten sam produkt

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The af...

CVE-2023-28869MEDIUM6.5ten sam produkt

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary...