← volver
CVE-2025-13433

Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path

CVSS 7.3 HIGHEPSS 0.1%CWE-426CWE-428
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
Productos afectados
Muse Group · MuseHub

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Musehub.mdhttps://vuldb.com/?ctiid.332977https://vuldb.com/?id.332977https://vuldb.com/?submit.687547