CVE-2025-34109
Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
Severity Score
8.5
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
*Credits:
Security-Assessment.com
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-04-15 CVE Reserved
- 2025-07-15 CVE Published
- 2025-07-16 EPSS Updated
- 2025-07-17 CVE Updated
- 2025-07-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb | 2025-07-17 | |
https://www.exploit-db.com/exploits/40020 | 2025-07-17 |
URL | Date | SRC |
---|---|---|
https://web.archive.org/web/20160704105329/http://www.pandasecurity.com/uk/support/card?id=100053 | 2025-07-15 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Panda Security Search vendor "Panda Security" | Panda Global Protection 2016 Search vendor "Panda Security" for product "Panda Global Protection 2016" | <= 16.1.2 Search vendor "Panda Security" for product "Panda Global Protection 2016" and version " <= 16.1.2" | en |
Affected
| ||||||
Panda Security Search vendor "Panda Security" | Panda Antivirus Pro 2016 Search vendor "Panda Security" for product "Panda Antivirus Pro 2016" | <= 16.1.2 Search vendor "Panda Security" for product "Panda Antivirus Pro 2016" and version " <= 16.1.2" | en |
Affected
| ||||||
Panda Security Search vendor "Panda Security" | Panda Small Business Protection Search vendor "Panda Security" for product "Panda Small Business Protection" | <= 16.1.2 Search vendor "Panda Security" for product "Panda Small Business Protection" and version " <= 16.1.2" | en |
Affected
| ||||||
Panda Security Search vendor "Panda Security" | Panda Internet Security 2016 Search vendor "Panda Security" for product "Panda Internet Security 2016" | <= 16.1.2 Search vendor "Panda Security" for product "Panda Internet Security 2016" and version " <= 16.1.2" | en |
Affected
|