CVE-2021-3305: n/a in n/a
Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability.
AI Analysis
Technical Summary
CVE-2021-3305 is a high-severity vulnerability in Feishu version 3.40.3, a collaboration and communication platform developed by Beijing Feishu Technology Co., Ltd. It is classified as an untrusted search path issue (CWE-426). This class of vulnerability occurs when an application searches for and loads executable files or libraries from directories that are not securely controlled or trusted, which can allow an attacker to influence the search path and execute malicious code. In this case, an attacker with local access (attack vector: local) can exploit the application by tricking it into loading malicious components due to improper path validation. The CVSS 3.1 base score is 7.8 (high). The vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H means that the attack requires local access, has low attack complexity, and needs no privileges but does require user interaction. The scope is unchanged, and the impact on confidentiality, integrity, and availability is high. Although no known exploits are currently reported in the wild and no patch links are provided, the vulnerability poses a significant risk if exploited, potentially allowing attackers to execute arbitrary code, compromise sensitive data, and disrupt service availability. The lack of detailed vendor or product information beyond Feishu v3.40.3 limits the ability to fully assess the attack surface, but the vulnerability is clearly tied to the Feishu client application.
Potential Impact
For European organizations using Feishu as part of their internal communication and collaboration infrastructure, this vulnerability could have serious consequences. Exploitation could lead to unauthorized code execution on user machines, resulting in data breaches, espionage, or disruption of business operations. Given Feishu's role in handling sensitive corporate communications, the confidentiality and integrity of information could be severely compromised. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where endpoint security is weak or where social engineering could induce user interaction. The potential for high impact on availability also raises concerns about operational continuity. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, could face regulatory and reputational damage if this vulnerability is exploited.
Mitigation Recommendations
European organizations should take immediate steps to mitigate this vulnerability. Since no official patch is currently referenced, organizations should:
1) Restrict local access to systems running Feishu to trusted users only, enforcing strict endpoint security policies.
2) Educate users about the risks of executing untrusted files or clicking on suspicious prompts, reducing the likelihood of successful user interaction exploitation.
3) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block unauthorized code execution attempts.
4) Review and harden the environment to ensure that the search paths used by Feishu do not include directories writable by unprivileged users.
5) Monitor vendor communications closely for any forthcoming patches or updates and plan for immediate deployment once available.
6) Consider isolating or sandboxing the Feishu client to limit the impact of potential exploitation.
7) Conduct regular audits and vulnerability assessments on endpoints running Feishu to detect signs of compromise early.
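Recommendation 4 can be checked mechanically. The following is an added example, not code from Feishu or from this advisory: it audits a PATH-style search path for entries an unprivileged user could control. It assumes POSIX permission bits (the advisory does not name the affected platform, and Windows would need an ACL check instead); the function names and sample directories are constructed for illustration.

```python
import os
import stat
import tempfile

# Added example: POSIX permission bits are an assumption; all names are illustrative.
def audit_search_path(search_path, trusted_uids=(0,)):
    """Return (entry, reason) findings for a PATH-style string."""
    findings = []
    for entry in search_path.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry, "resolves to the current working directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry depends on the working directory"))
            continue
        try:
            st = os.stat(os.path.realpath(entry))  # follow symlinks to the real target
        except OSError:
            findings.append((entry, "does not exist or cannot be inspected"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
            continue
        # Only the directory itself is checked; writable parent directories are not.
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((entry, "group-writable"))
        if st.st_uid not in trusted_uids:
            findings.append((entry, "owned by untrusted uid %d" % st.st_uid))
    return findings

def demo():
    """Constructed sample: a tight directory, a world-writable one, and risky entries."""
    with tempfile.TemporaryDirectory() as root:
        safe, loose = os.path.join(root, "safe"), os.path.join(root, "loose")
        for d, mode in ((safe, 0o755), (loose, 0o777)):
            os.mkdir(d)
            os.chmod(d, mode)  # chmod so the result does not depend on the umask
        path = os.pathsep.join([safe, loose, "", "plugins", os.path.join(root, "gone")])
        found = audit_search_path(path, trusted_uids=(0, os.getuid()))
        return [(os.path.basename(e), r) for e, r in found]

if __name__ == "__main__":
    # Audits this process's PATH; substitute the search path of the application under review.
    for entry, reason in audit_search_path(os.environ.get("PATH", "")):
        print("%-40s %s" % (entry or "<empty>", reason))
```
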
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2021-01-25T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9815c4522896dcbd6394
Added to database: 5/21/2025, 9:08:37 AM
Last enriched: 7/3/2025, 3:27:37 PM
Last updated: 8/11/2025, 7:49:48 PM