CVE-2025-12683 is a vulnerability in the Windows search utility Everything by Voidtools, specifically version 1.4.1.1029. The Everything service runs with SYSTEM privileges and communicates with the Everything GUI, which runs with lower privileges, via a named pipe. This named pipe is configured with a NULL Discretionary Access Control List (DACL), effectively granting all users full access permissions to it. This misconfiguration violates proper privilege management principles (CWE-269), allowing any local user to interact with the pipe without restriction. Because the service runs as SYSTEM, an attacker with local access can exploit this to cause a denial of service by interfering with the pipe communication or potentially escalate privileges if combined with other vulnerabilities or attack vectors. The vulnerability does not require user interaction but does require local access to the machine. The CVSS 4.0 score is 7.3 (high), reflecting the significant impact on confidentiality, integrity, and availability, as well as the relatively low attack complexity. No public exploits are currently known, but the vulnerability poses a serious risk in environments where local users have access to affected systems. The lack of a patch at the time of publication means organizations must rely on mitigation strategies until an official fix is released.

For European organizations, this vulnerability could lead to local privilege escalation or denial of service on systems running Everything 1.4.1.1029, potentially allowing attackers to gain SYSTEM-level control or disrupt critical search functionality. This is particularly impactful in environments with multiple users on shared workstations or where local user accounts are common, such as in enterprises, educational institutions, and public sector organizations. The compromise of SYSTEM privileges can lead to full system takeover, data theft, or lateral movement within networks. Denial of service could disrupt user productivity and critical search-dependent workflows. Given Everything's popularity as a fast file search tool on Windows, organizations relying on it for operational efficiency may face increased risk. The vulnerability's local nature limits remote exploitation but insider threats or malware with local access could leverage this flaw. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

Organizations should immediately audit and restrict permissions on the named pipe used by Everything to prevent unauthorized access. This can be done by manually setting a restrictive DACL on the pipe to limit access to only the necessary system accounts. Until a vendor patch is available, consider disabling the Everything service or uninstalling the affected version if local privilege escalation risk is unacceptable. Employ application whitelisting and endpoint detection to monitor for suspicious local activity involving the Everything service or named pipe. Regularly update and patch all software components once Voidtools releases a fix. Additionally, enforce the principle of least privilege for local user accounts to reduce the impact of potential exploitation. Network segmentation and limiting local administrative rights can further reduce risk. Finally, educate users about the risks of running untrusted code locally, as exploitation requires local access.