CVE Alert: CVE-2025-12341 – ermig1979 – AntiDupl
CVE-2025-12341
A vulnerability was detected in ermig1979 AntiDupl up to version 2.3.12. It affects an unknown function in the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. Manipulation results in link following. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
High risk: a PoC exploit is available, although local access is required; urgent attention and rapid review are recommended.
Why this matters
The vulnerability lets a local attacker manipulate the Delete Duplicate Image Handler, with full impact on the host and the potential to access or corrupt image data. In enterprise settings, an affected workstation or developer machine could be used to move further within the host or to exfiltrate sensitive local data, especially where the application runs with elevated privileges.
Most likely attack path
An adversary needs local access and only limited privileges to trigger the link-following flaw; no user interaction is required. Once triggered, the attacker could compromise the confidentiality, integrity and availability of the affected image assets and of the host. Because the scope is unchanged, effects are contained to the vulnerable component, but they may extend to the host if the application runs with high privileges.
Who is most exposed
Desktop users running the affected AntiDupl installation on Windows are most at risk, particularly in organisations where the tool is deployed on endpoints with standard user rights or where admins inadvertently run the app with elevated privileges.
Detection ideas
- Unusual process activity for AntiDupl.NET.WinForms.exe, especially around image-link handling.
- Abnormal file/link manipulations in image directories processed by Delete Duplicate Image Handler.
- Logs showing exploit-like patterns, or failed/blocked attempts, involving local file links.
- Unexpected creation or modification of symbolic links or junctions within image folders.
- EDR alerts for anomalous privilege changes or process spawning from the application binary.
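A defender-side check for the two link-related detection ideas above, added here as an example and not code from the AntiDupl project: it walks an image folder without following links and reports every symlink (or, on Windows, junction) found, flagging those whose target resolves outside the folder, which is exactly what a link-following delete would reach. The folder and file names in the sample tree are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

# Windows attribute bit set on junctions and symlinks (both are reparse points);
# POSIX stat results have no st_file_attributes, so the getattr default applies.
FILE_ATTRIBUTE_REPARSE_POINT = 0x0400

def is_reparse_point(path: Path) -> bool:
    """True if `path` itself is a symlink (POSIX/Windows) or a junction (Windows)."""
    st = path.lstat()  # lstat inspects the link entry itself and does not follow it
    if stat.S_ISLNK(st.st_mode):
        return True
    return bool(getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_REPARSE_POINT)

def audit_links(root) -> list[tuple[str, str, bool]]:
    """Walk `root` without following links and report each link found as
    (path relative to root, resolved target, escapes_root). A link whose target
    resolves outside `root` is what a link-following delete would act on."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            if not is_reparse_point(p):
                continue
            target = p.resolve(strict=False)  # dangling links still resolve lexically
            escapes = target != root and root not in target.parents
            findings.append((str(p.relative_to(root)), str(target), escapes))
    return findings

def build_sample_tree() -> Path:
    """Constructed sample (hypothetical names): an image folder holding one benign
    in-tree link and one link that points at a file outside the folder."""
    base = Path(tempfile.mkdtemp(prefix="antidupl-audit-"))
    images = base / "images"
    images.mkdir()
    (images / "a.jpg").write_bytes(b"\xff\xd8\xff")  # fake JPEG header
    os.symlink(images / "a.jpg", images / "inside.jpg")
    secret = base / "secret.txt"
    secret.write_text("not an image")
    os.symlink(secret, images / "dup.jpg")  # "duplicate" that is really a link out
    return images

if __name__ == "__main__":
    for rel, target, escapes in audit_links(build_sample_tree()):
        print(f"{'ESCAPES' if escapes else 'in-tree'}  {rel} -> {target}")
```

Run it against the real directories a deployed AntiDupl instance scans; on Windows the same check also catches junctions via the reparse-point attribute.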
Mitigation and prioritisation
- Patch/upgrade to a fixed version or vendor-approved workaround; verify availability and apply promptly.
- Disable or isolate the Delete Duplicate Image Handler feature if remediation cannot be immediate; apply least-privilege and prevent elevation for the component.
- Enforce application whitelisting, endpoint segmentation, and strict user access controls; run the tool under non-privileged accounts where feasible.
- Enhance monitoring and logging around the affected process and image directories; test in a lab before broad rollout.
- If KEV/EPSS signals become known, adjust prioritisation accordingly (treat as priority 1 if confirmed).
