CVE-2025-22894

Summary

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
Humming Heads Inc.Defense Platform Home EditionVer.3.9.51.x and earlieraffected

Weaknesses

  • CWE-422: Unprotected Windows Messaging Channel ('Shatter')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References