CVE-2025-12418

Summary

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch.

Affected Software

VendorProductVersion RangeStatus
ReveneraInstallShield2023.R1 <= 2023.R2affected
ReveneraInstallShield2024.R1 <= 2024.R2affected
ReveneraInstallShield2025.R1 < InstallShield2025R1-CVE-2025-12418-SecurityPatchaffected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References