CVE-2025-63421 is a local code execution vulnerability found in filosoft Comerc.32 Commercial Invoicing software version 16.0.0.3. The flaw resides in the comeinst.exe executable, which can be manipulated by a local attacker with low privileges to execute arbitrary code. This vulnerability is categorized under CWE-94, indicating that the software improperly controls code generation or execution, allowing injection or execution of malicious code. The CVSS v3.1 base score is 7.8, reflecting high severity due to the potential for full system compromise. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), with no user interaction (UI:N) needed. The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning an attacker could fully compromise the affected system. No patches or fixes have been published yet, and no known exploits are reported in the wild, but the vulnerability poses a significant risk to organizations using this software. The lack of user interaction and low privilege requirements make it easier for attackers with local access to exploit the vulnerability, potentially leading to full system takeover, data theft, or disruption of invoicing operations.

The vulnerability allows a local attacker to execute arbitrary code with potentially high privileges, leading to full compromise of the affected system. This can result in unauthorized access to sensitive financial and commercial data, manipulation or deletion of invoicing records, and disruption of business operations. The high impact on confidentiality, integrity, and availability means attackers could steal confidential information, alter invoices or financial data, or cause denial of service by crashing or corrupting the application. Organizations relying on filosoft Comerc.32 for invoicing are at risk of financial loss, reputational damage, and regulatory non-compliance if exploited. Since the vulnerability requires local access, insider threats or attackers who have gained initial footholds through other means could leverage this flaw to escalate privileges and move laterally within networks. The absence of patches increases the window of exposure, emphasizing the need for immediate mitigation.

1. Restrict local access to systems running filosoft Comerc.32, ensuring only trusted and authorized personnel have login privileges. 2. Implement strict access controls and monitoring on the comeinst.exe file to detect and prevent unauthorized execution or modification. 3. Use application whitelisting to limit execution of unauthorized binaries or scripts on affected systems. 4. Employ endpoint detection and response (EDR) solutions to monitor for suspicious behavior related to code execution or privilege escalation attempts involving comeinst.exe. 5. Isolate critical invoicing systems from general user workstations and limit network access to reduce risk of lateral movement. 6. Regularly audit user privileges and remove unnecessary local accounts or rights that could be exploited. 7. Prepare for rapid deployment of patches or updates once the vendor releases a fix. 8. Educate staff about the risks of local access compromise and enforce strong physical security controls. 9. Consider deploying host-based intrusion prevention systems (HIPS) to block exploitation attempts targeting this vulnerability. 10. Maintain up-to-date backups of invoicing data to enable recovery in case of compromise.