
CVE-2025-5471: CWE-427 Uncontrolled Search Path Element in Yandex Telemost

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-5471, cwe-427
Published: Tue Dec 09 2025 (12/09/2025, 15:53:23 UTC)
Source: CVE Database V5
Vendor/Project: Yandex
Product: Telemost

Description

Uncontrolled Search Path Element vulnerability in Yandex Telemost on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1.

AI-Powered Analysis

Last updated: 12/09/2025, 16:15:37 UTC

Technical Analysis

CVE-2025-5471 is classified under CWE-427, indicating an Uncontrolled Search Path Element vulnerability in Yandex Telemost, a video conferencing application, specifically on macOS platforms. The vulnerability arises because the application does not properly control the order in which it searches for executables or libraries during runtime. An attacker with limited privileges (low-level authenticated user) can exploit this by placing malicious executables or libraries in directories that are searched before the legitimate ones, causing the application to load and execute attacker-controlled code. This search order hijacking can lead to privilege escalation, unauthorized code execution, and compromise of system integrity. The CVSS 4.0 score of 7.3 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity but requiring some privileges and no user interaction. The vulnerability affects all versions of Telemost before 2.19.1 on macOS, with no patches publicly available at the time of publication. No known exploits have been reported in the wild yet, but the potential for targeted attacks exists, especially in environments where Yandex Telemost is widely used. The issue was reserved in June 2025 and published in December 2025, indicating recent discovery and disclosure.

Potential Impact

For European organizations, this vulnerability presents a significant risk, particularly for those relying on Yandex Telemost for communication and collaboration on macOS devices. Exploitation could lead to unauthorized execution of malicious code, resulting in data breaches, espionage, or disruption of services. The ability to escalate privileges and compromise system integrity threatens sensitive corporate and governmental information. Given the geopolitical tensions involving Russia and Europe, threat actors may target organizations using Russian-origin software like Yandex Telemost to gain footholds or conduct surveillance. The impact extends to critical infrastructure, financial institutions, and public sector entities where confidentiality and availability are paramount. Additionally, the lack of a patch at disclosure time increases exposure duration, elevating risk. The vulnerability could also be leveraged in supply chain attacks if attackers compromise update mechanisms or shared resources.

Mitigation Recommendations

European organizations should immediately verify their use of Yandex Telemost on macOS and prioritize upgrading to version 2.19.1 or later once available. Until patches are released, restrict write permissions on all directories included in the executable and library search paths to prevent unauthorized file placement. Employ application whitelisting and integrity monitoring to detect anomalous executable loads. Use endpoint detection and response (EDR) solutions to monitor for suspicious process behaviors indicative of search order hijacking. Network segmentation can limit lateral movement if exploitation occurs. Educate users and administrators about the risks of running untrusted code and the importance of maintaining updated software. Engage with Yandex support channels for timely patch information and consider alternative communication platforms if risk tolerance is low. Finally, conduct regular audits of system PATH variables and environment configurations to ensure no insecure directories are included.
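The search-path audit recommended above can be scripted. The following Python sketch is an added example, not part of the advisory or of any Yandex tooling: it checks each entry of a colon-separated search path (the `PATH` variable or any similar list) for the conditions that let a low-privileged user plant a file there. The function names and the choice of trusted owners (root and the current user) are assumptions, and the page does not describe Telemost's own search order, so this covers the generic hygiene check only.

```python
import os
import stat
import tempfile

def dir_problems(path, trusted_uids):
    """Return the reasons why `path` is unsafe as a search-path entry."""
    st = os.stat(path)  # follows symlinks: the real target is what gets searched
    reasons = []
    if not stat.S_ISDIR(st.st_mode):
        reasons.append("not a directory")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by untrusted uid {st.st_uid}")
    return reasons

def audit_search_path(search_path, trusted_uids=None):
    """Audit a colon-separated search path; return {entry: [reasons]}."""
    trusted = trusted_uids or {0, os.getuid()}  # assumption: root + current user
    findings = {}
    for entry in search_path.split(os.pathsep):
        if entry in ("", "."):
            findings[entry] = ["resolves to the current working directory"]
        elif not os.path.isabs(entry):
            findings[entry] = ["relative path"]
        elif not os.path.exists(entry):
            # A missing entry can be created by whoever can write to the
            # nearest existing ancestor, so audit that ancestor instead.
            parent = os.path.dirname(entry)
            while not os.path.exists(parent):
                parent = os.path.dirname(parent)
            why = dir_problems(parent, trusted)
            findings[entry] = ["missing"] + [f"ancestor {parent}: {r}" for r in why]
        else:
            why = dir_problems(entry, trusted)
            if why:
                findings[entry] = why
    return findings

def demo():
    """Constructed sample: a safe dir, a world-writable dir, a relative and an empty entry."""
    base = tempfile.mkdtemp()
    safe, loose = os.path.join(base, "safe"), os.path.join(base, "loose")
    for directory, mode in ((safe, 0o755), (loose, 0o777)):
        os.mkdir(directory)
        os.chmod(directory, mode)  # chmod so the umask cannot mask the bits
    return safe, loose, audit_search_path(os.pathsep.join([safe, loose, "bin", ""]))
```

On an endpoint, call `audit_search_path(os.environ["PATH"])` and treat any returned entry as a directory to fix or remove from the path.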


Technical Details

Data Version: 5.2
Assigner Short Name: yandex
Date Reserved: 2025-06-02T12:52:20.730Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69384a3e795dcaf6c511e722

Added to database: 12/9/2025, 4:11:42 PM

Last enriched: 12/9/2025, 4:15:37 PM

Last updated: 12/11/2025, 7:26:44 AM
