CVE-2025-7097 is a critical OS command injection vulnerability identified in Comodo Internet Security Premium version 12.3.4.8162. The flaw resides in the Manifest File Handler component, specifically in the processing of the file cis_update_x64.xml. An attacker can manipulate the argument binary/params within this file to inject arbitrary operating system commands. This vulnerability is remotely exploitable without requiring authentication or user interaction, although the attack complexity is rated as high, indicating that exploitation requires significant skill or specific conditions. The vulnerability impacts confidentiality, integrity, and availability since arbitrary commands could be executed with the privileges of the security software, potentially leading to full system compromise. The vendor has not responded to the disclosure, and no patches are currently available. Although no known exploits are reported in the wild, public disclosure of the exploit details increases the risk of future attacks. The CVSS 4.0 score is 9.2 (critical), reflecting the high impact and remote exploitability without user interaction. The vulnerability's root cause is improper input validation in the Manifest File Handler, allowing injection of OS commands through crafted XML files used during update processing.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Comodo Internet Security Premium for endpoint protection. Successful exploitation could allow attackers to execute arbitrary commands remotely, bypassing security controls and potentially deploying malware, ransomware, or conducting espionage. This could lead to data breaches, disruption of critical services, and loss of sensitive information. Given the critical nature of the flaw and the lack of vendor response or patch, organizations face an elevated risk window. The impact is particularly severe in sectors with high security requirements such as finance, healthcare, government, and critical infrastructure. Additionally, the vulnerability could be leveraged in targeted attacks or supply chain compromises, affecting the integrity of security defenses across networks.

Since no official patch is available, European organizations should implement immediate compensating controls. These include disabling or restricting the use of Comodo Internet Security Premium 12.3.4.8162 where feasible, especially on high-value or internet-facing systems. Network-level controls such as firewall rules should be applied to limit inbound traffic to update mechanisms or related services. Monitoring and logging should be enhanced to detect suspicious activity related to the Manifest File Handler or unusual command execution patterns. Organizations should consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous process behavior. If possible, isolate systems running the vulnerable software from critical network segments. Additionally, organizations should prepare for rapid patch deployment once Comodo releases a fix and maintain close communication with the vendor or security advisories for updates. Conducting internal audits to identify all instances of the affected software version is critical to ensure comprehensive coverage.