CVE-2025-66835 identifies a DLL hijacking vulnerability in TrueConf Client version 8.5.2. DLL hijacking occurs when an application improperly loads a dynamic link library (DLL) from an untrusted or user-controlled location instead of the intended system directory. In this case, the vulnerable component is wfapi.dll, a library used by TrueConf Client. A local attacker with limited privileges can craft a malicious wfapi.dll and place it in a location where the TrueConf Client will load it instead of the legitimate DLL. This allows the attacker to execute arbitrary code within the security context of the logged-in user without requiring user interaction. The vulnerability is classified under CWE-427 (Uncontrolled Search Path Element), indicating the root cause is the application’s failure to securely specify the DLL search path. The CVSS v3.1 base score is 7.1 (high), reflecting the vulnerability’s ease of exploitation (local access required, low complexity), no user interaction, and high impact on confidentiality and integrity. Availability is not affected. No known exploits have been reported in the wild as of the publication date. The vulnerability was reserved on December 8, 2025, and published on December 30, 2025. No patch links are currently available, suggesting that a fix has not yet been released by TrueConf.

For European organizations, this vulnerability presents a significant risk especially in environments where TrueConf Client 8.5.2 is deployed widely for video conferencing and collaboration. An attacker with local access—such as a compromised insider, contractor, or attacker who has gained limited foothold on a workstation—could leverage this vulnerability to escalate privileges or move laterally by executing arbitrary code under the user’s context. This could lead to unauthorized access to sensitive communications, data leakage, or further compromise of internal systems. Confidentiality and integrity of communications and stored data are at risk, which is critical for sectors like finance, government, healthcare, and critical infrastructure. Since TrueConf is used in enterprise and governmental settings, the impact could be amplified in countries with high adoption rates or strategic importance of affected organizations. The lack of availability impact reduces the risk of denial-of-service but does not diminish the threat to data security and operational integrity.

1. Restrict local access to systems running TrueConf Client 8.5.2 by enforcing strict access controls and limiting user privileges to the minimum necessary. 2. Monitor file system and process behavior for suspicious DLL loading patterns, especially attempts to load wfapi.dll from non-standard directories. 3. Implement application whitelisting or code integrity policies to prevent execution of unauthorized DLLs. 4. Educate users and administrators about the risks of local privilege escalation and encourage reporting of unusual system behavior. 5. Regularly audit and harden endpoint security configurations to reduce the risk of initial local compromise. 6. Coordinate with TrueConf support or vendor channels to obtain and apply patches or updates as soon as they become available. 7. Consider deploying endpoint detection and response (EDR) solutions capable of detecting DLL hijacking attempts. 8. Use network segmentation to limit lateral movement opportunities if a local compromise occurs.