CVE-2025-12683
📋 TL;DR
Everything service running as SYSTEM uses a named pipe with NULL DACL, granting all users full permissions. This allows local low-privileged users to potentially cause denial of service or chain with other vulnerabilities for privilege escalation. Affects Everything software users on Windows systems.
💻 Affected Systems
- Everything by voidtools
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to SYSTEM by chaining with other vulnerabilities, leading to complete system compromise.
Likely Case
Service denial of service through pipe manipulation, disrupting Everything functionality.
If Mitigated
Limited impact if proper access controls are implemented on the named pipe.
🎯 Exploit Status
Exploitation requires local access and knowledge of named pipe manipulation. Privilege escalation requires chaining with additional vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check vendor advisory
Vendor Advisory: https://www.voidtools.com/
Restart Required: Yes
Instructions:
1. Check voidtools website for security updates. 2. Download and install latest version. 3. Restart Everything service and system if required.
🔧 Temporary Workarounds
Set proper DACL on Everything named pipe
windowsModify named pipe permissions to restrict access to authorized users only
icacls "\\.\pipe\Everything" /grant SYSTEM:F /grant "Authenticated Users":RX
icacls "\\.\pipe\Everything" /remove Everyone
Disable Everything service
windowsStop and disable the Everything service if not required
sc stop Everything
sc config Everything start= disabled
🧯 If You Can't Patch
- Implement strict access controls on named pipes using Windows security policies
- Monitor for unusual named pipe access attempts and Everything service behavior
🔍 How to Verify
Check if Vulnerable:
Check named pipe permissions: 'icacls "\\.\pipe\Everything"' and look for Everyone:(F) or NULL DACLCheck Version:
Check Everything version in GUI: Help → About or run 'Everything.exe --version'Verify Fix Applied:
Verify named pipe has proper DACL without Everyone or NULL permissions📡 Detection & Monitoring
Log Indicators:
- Event ID 4656 (Windows Security Audit) for named pipe access
- Everything service crashes or unexpected restarts
Network Indicators:
- Local named pipe communication anomalies
SIEM Query:
EventID=4656 AND ObjectName="\Device\NamedPipe\Everything" AND AccessMask=0x1F01FF