Published:2025/10/06 Last Updated:2025/10/06
JVN#95806263
The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries
Overview
The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries.
Products Affected
Multiple products are affected.
As for the details of affected products, refer to the information provided by the developer.
Description
The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-57781
- This vulnerability is exploited by directing a user to download and place a crafted DLL file with the affected installer, and to execute the installer
Impact
Arbitrary code may be executed with the privilege of the user invoking the installer.
Solution
Use the latest installer
Use the latest installer provided by the developer.
Vendor Status
Vendor | Link |
DENSO TEN Limited. | About the Security Issue (Vulnerability) in the Drive Recorder Viewer (Windows Software) (Text in Japanese) |
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs -
Japan Vulnerability Notes JVN#72748502
Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Takeru Naito of MOTEX Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2025-57781 |
JVN iPedia |
JVNDB-2025-000082 |