{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T11:44:19.092","vulnerabilities":[{"cve":{"id":"CVE-2025-22894","sourceIdentifier":"vultures@jpcert.or.jp","published":"2025-02-06T08:15:30.027","lastModified":"2026-06-17T08:50:49.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege."},{"lang":"es","value":"Existe un problema de canal de mensajería de Windows desprotegido (\"Shatter\") en Defense Platform Home Edition Ver.3.9.51.x y versiones anteriores. Si un atacante envía un mensaje especialmente manipulado al proceso específico del sistema Windows donde se ejecuta el producto, se pueden alterar archivos arbitrarios del sistema. Como resultado, se puede ejecutar una DLL arbitraria con privilegio SYSTEM."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Humming Heads Inc.","product":"Defense Platform Home Edition","versions":[{"version":"Ver.3.9.51.x and earlier","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-06T14:15:19.426989Z","id":"CVE-2025-22894","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-422"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hummingheads:defense_platform:*:*:*:*:home:*:*:*","versionEndIncluding":"3.9.51.0","matchCriteriaId":"6B192BB2-AB8A-49B5-A8EC-06D30F135E87"}]}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN66673020/","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://www.hummingheads.co.jp/dep/storelist/","source":"vultures@jpcert.or.jp","tags":["Product"]}]}}]}