CVE-2024-25089

9.8 CRITICAL

📋 TL;DR

This vulnerability in Malwarebytes Binisoft Windows Firewall Control allows remote attackers to execute arbitrary code via gRPC named pipes. Attackers can exploit this to run malicious code on affected systems. Users running vulnerable versions of Windows Firewall Control are affected.

💻 Affected Systems

Products:
  • Malwarebytes Binisoft Windows Firewall Control
Versions: Versions before 6.9.9.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Remote attackers gaining unauthorized access to execute arbitrary commands, potentially leading to lateral movement within networks.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege principles are implemented, though exploitation risk remains.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the named pipe interface, which may be accessible remotely depending on configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.9.9.2

Vendor Advisory: https://www.binisoft.org/changelog.txt

Restart Required: Yes

Instructions:

1. Download Windows Firewall Control version 6.9.9.2 or later from the official website.
2. Run the installer to upgrade.
3. Restart the system to ensure the changes take effect.

🔧 Temporary Workarounds

Disable gRPC named pipe access

Platform: windows

Restrict or disable gRPC named pipe communication to prevent remote exploitation. The rule below blocks inbound connections to the wfc.exe program itself. Named pipe connections from other hosts arrive over SMB (TCP 445) and are terminated by the System process rather than by wfc.exe, so a rule scoped to wfc.exe does not cover that path; also restrict inbound TCP 445 from untrusted networks, or confirm that remote named pipe access is not exposed at all.

netsh advfirewall firewall add rule name="Block WFC gRPC" dir=in action=block program="C:\Program Files\Binisoft\Windows Firewall Control\wfc.exe" enable=yes

Network segmentation

Platform: all

Isolate systems running vulnerable software from untrusted networks.

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to affected systems
  • Monitor for suspicious named pipe activity and unauthorized process execution

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Windows Firewall Control in the application's About section or via Programs and Features.

Check Version:

wmic product where name="Windows Firewall Control" get version

Note that wmic is deprecated in current Windows releases, and that Win32_Product queries are slow and can trigger MSI consistency checks on every installed package; the version shown in Programs and Features or in the application's About section is the same value.

Verify Fix Applied:

Confirm version is 6.9.9.2 or higher in the application interface.
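The following PowerShell script is an added example, not part of the advisory or of Binisoft's software. It performs the "Check if Vulnerable" and "Verify Fix Applied" steps in one pass: it reads the Uninstall registry keys that Programs and Features displays, reads the file version of wfc.exe at the install path quoted in the netsh rule above (assumed to be the default location), and compares each value against the fixed version 6.9.9.2. Version strings that cannot be parsed are reported as vulnerable so they are reviewed rather than silently ignored.

```powershell
# Added example; not part of the advisory or of Binisoft's software.
# Reports whether the installed Windows Firewall Control is below the
# fixed version 6.9.9.2, using two independent sources.

$FixedVersion = [version]'6.9.9.2'
# Install path taken from the advisory's netsh rule; assumed default location.
$WfcExePath   = 'C:\Program Files\Binisoft\Windows Firewall Control\wfc.exe'

function Get-WfcInstalledVersions {
    # Same keys that Programs and Features reads (64-bit and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = @(
        foreach ($key in $uninstallKeys) {
            Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
                Where-Object { $_.DisplayName -like 'Windows Firewall Control*' } |
                ForEach-Object {
                    [pscustomobject]@{ Source = 'Registry'; Version = [string]$_.DisplayVersion }
                }
        }
    )
    # Second source: the version resource embedded in wfc.exe itself.
    if (Test-Path -LiteralPath $WfcExePath) {
        $fileVersion = (Get-Item -LiteralPath $WfcExePath).VersionInfo.FileVersion
        $entries += [pscustomobject]@{ Source = 'wfc.exe'; Version = [string]$fileVersion }
    }
    return $entries
}

function Test-WfcVulnerable {
    param([string]$VersionString)
    $parsed = $null
    # Empty or unparsable version strings are treated as vulnerable so they get reviewed.
    if (-not [version]::TryParse($VersionString.Trim(), [ref]$parsed)) { return $true }
    return $parsed -lt $FixedVersion
}

$results = Get-WfcInstalledVersions
if ($results.Count -eq 0) {
    Write-Output 'Windows Firewall Control not found on this host.'
} else {
    foreach ($r in $results) {
        $status = if (Test-WfcVulnerable $r.Version) { 'VULNERABLE - below 6.9.9.2' } else { 'patched' }
        Write-Output ('{0,-9} {1,-12} {2}' -f $r.Source, $r.Version, $status)
    }
}
```

If the registry entry and the file version disagree, the file version is the one that matters: it reflects the binary actually executing, while a stale Uninstall entry can survive a partial upgrade.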

📡 Detection & Monitoring

Log Indicators:

  • Unusual named pipe creation or access events
  • Suspicious process execution originating from Windows Firewall Control

Network Indicators:

  • Unexpected network connections to/from systems running Windows Firewall Control
  • Anomalous gRPC traffic patterns

SIEM Query:

EventID=4688 AND ProcessName="wfc.exe" AND CommandLine CONTAINS "-grpc"

This query only matches if process creation auditing (Event ID 4688) is enabled and the "Include command line in process creation events" policy is turned on; without that policy the CommandLine field is empty and the "-grpc" condition never matches. Baseline the host's normal Windows Firewall Control startup pattern before turning the query into an alert.
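As an added example (not part of the advisory), the PowerShell below applies the SIEM logic above to Windows Security event XML and goes one step further than the query: it also flags 4688 events whose parent process is wfc.exe, which is the "process execution originating from Windows Firewall Control" log indicator listed earlier. It parses the event by field name (NewProcessName, CommandLine, ParentProcessName are the standard 4688 fields) rather than by position, runs against a constructed sample event so it can be exercised offline, and can scan the live Security log, which requires an elevated session and the command-line auditing policy mentioned above.

```powershell
# Added example; not part of the advisory. Evaluates 4688 (process creation)
# events for the two Windows Firewall Control indicators:
#   wfc-grpc-start : wfc.exe started with a command line containing "-grpc"
#   child-of-wfc   : any process whose parent is wfc.exe

function Get-EventDataMap {
    # Map <Data Name="...">value</Data> elements by name, independent of field order.
    param([xml]$EventXml)
    $map = @{}
    foreach ($d in $EventXml.Event.EventData.Data) {
        $map[$d.GetAttribute('Name')] = [string]$d.InnerText
    }
    return $map
}

function Get-EventId {
    param([xml]$EventXml)
    $node = $EventXml.Event.System.EventID
    # The adapter returns a plain string when EventID has no attributes, an element otherwise.
    if ($node -is [System.Xml.XmlElement]) { return [int]$node.InnerText }
    return [int]$node
}

function Test-WfcProcessCreateIndicator {
    param([string]$EventXmlText)
    $xml = [xml]$EventXmlText
    if ((Get-EventId $xml) -ne 4688) { return 'none' }
    $data   = Get-EventDataMap $xml
    $proc   = $data['NewProcessName']
    $parent = $data['ParentProcessName']
    $cmd    = $data['CommandLine']    # empty unless command-line auditing is enabled
    if ($proc -like '*\wfc.exe' -and $cmd -match '-grpc') { return 'wfc-grpc-start' }
    if ($parent -like '*\wfc.exe')                         { return 'child-of-wfc' }
    return 'none'
}

function Find-WfcProcessCreateEvents {
    # Scans the live Security log; needs an elevated session.
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xmlText = $_.ToXml()
            $kind = Test-WfcProcessCreateIndicator $xmlText
            if ($kind -ne 'none') {
                $data = Get-EventDataMap ([xml]$xmlText)
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Indicator   = $kind
                    Process     = $data['NewProcessName']
                    Parent      = $data['ParentProcessName']
                    CommandLine = $data['CommandLine']
                }
            }
        }
}

# Constructed sample event (not captured from a real system) to exercise the rule offline.
$SampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4688</EventID>
    <Computer>CONSTRUCTED-HOST</Computer>
  </System>
  <EventData>
    <Data Name="NewProcessName">C:\Program Files\Binisoft\Windows Firewall Control\wfc.exe</Data>
    <Data Name="CommandLine">"C:\Program Files\Binisoft\Windows Firewall Control\wfc.exe" -grpc</Data>
    <Data Name="ParentProcessName">C:\Windows\System32\cmd.exe</Data>
  </EventData>
</Event>
'@

Write-Output ('Sample event indicator: ' + (Test-WfcProcessCreateIndicator $SampleEvent))
Find-WfcProcessCreateEvents | Format-Table -AutoSize
```

Treat a "child-of-wfc" hit as the higher-fidelity signal: a firewall control utility has little reason to spawn other programs, whereas a "wfc-grpc-start" hit must first be baselined against the host's normal startup.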
