CVE-2026-25191 is a vulnerability affecting the installer component of Digital Arts Inc.'s FinalCode Ver.5 series, specifically versions prior to 5.43R01. The root cause is an uncontrolled search path element for DLLs during the installation process. When the installer executes, it loads DLLs from its current directory without validating or restricting the search path, allowing an attacker with local access to place a malicious DLL alongside the installer executable. Upon execution, the installer loads the malicious DLL, resulting in arbitrary code execution with the installer's execution privileges. This vulnerability requires the attacker to have the ability to place files in the installer's directory and to persuade a user to run the installer, implying user interaction is necessary. The CVSS v3.0 base score is 7.8, reflecting high severity due to the potential for full system compromise (confidentiality, integrity, and availability impacts). The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The scope remains unchanged (S:U). Although no exploits are currently known in the wild, the vulnerability poses a significant risk to environments where FinalCode Ver.5 is deployed, especially if users have the ability to run installers from untrusted directories. The vulnerability highlights the importance of secure DLL loading practices and proper installer design to prevent DLL hijacking or search path manipulation attacks.

The vulnerability allows an attacker with local access to execute arbitrary code with the privileges of the installer, which may be elevated depending on the environment. This can lead to full compromise of affected systems, including unauthorized access to sensitive data (confidentiality impact), modification or destruction of data (integrity impact), and disruption of services or system availability. Organizations using FinalCode Ver.5 prior to 5.43R01 are at risk, particularly if users can be tricked into running installers from directories where attackers can place malicious DLLs. The attack requires user interaction but no authentication, increasing the risk in environments with less controlled user privileges or where social engineering is feasible. The potential impact extends to any system where the vulnerable installer is used, including enterprise environments that rely on FinalCode for data protection and encryption. The absence of known exploits in the wild suggests the threat is not yet actively exploited, but the vulnerability's nature and severity warrant immediate attention to prevent future attacks.

1. Upgrade to FinalCode Ver.5.43R01 or later, where the vulnerability is patched. 2. Restrict write permissions on directories where installers are stored or executed to prevent unauthorized placement of DLL files. 3. Educate users to avoid running installers from untrusted or unknown directories, especially those received via email or external media. 4. Implement application whitelisting to control which executables and DLLs can run on endpoints. 5. Use endpoint detection and response (EDR) tools to monitor for suspicious DLL loading or installer execution behaviors. 6. Employ integrity verification mechanisms on installer files and associated DLLs to detect tampering. 7. Consider running installers with the least privilege necessary to limit the impact of potential code execution. 8. Regularly audit and monitor file system permissions and user activities related to software installation processes. These steps collectively reduce the risk of exploitation by limiting the attack surface and improving detection capabilities.