CVE-2025-13433

7.0 HIGH

📋 TL;DR

This CVE describes an unquoted search path vulnerability in Muse Group MuseHub's Windows Service updater component. Attackers with local access could potentially execute arbitrary code by placing malicious executables in paths that the service searches. Only users running MuseHub 2.1.0.1567 on Windows are affected.

💻 Affected Systems

Products:
  • Muse Group MuseHub
Versions: 2.1.0.1567
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Windows Service component Muse.Updater.exe in the specified installation path.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to SYSTEM-level code execution and complete system compromise.

🟠 Likely Case

A local authenticated user could execute code with elevated privileges, potentially installing malware or backdoors.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to local user privilege escalation within the compromised account context.

🌐 Internet-Facing: LOW - Attack requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Requires local access but could be exploited by malicious insiders or attackers who have already compromised a local account.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Attack requires local access and is described as difficult with high complexity. No public exploit code found in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided

Restart Required: Yes

Instructions:

No official patch is available. The vendor was contacted but did not respond. Consider uninstalling MuseHub until the vendor releases a fix.

🔧 Temporary Workarounds

Apply proper permissions to installation directory

Platform: Windows

Restrict write permissions to the MuseHub installation directory to prevent malicious file placement.

icacls "C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6" /deny Users:(OI)(CI)W

Disable or remove MuseHub service

Platform: Windows

Stop and disable the vulnerable Windows service component.

sc stop MuseUpdater
sc config MuseUpdater start= disabled

🧯 If You Can't Patch

  • Uninstall MuseHub 2.1.0.1567 completely from affected systems
  • Implement strict local access controls and monitor for suspicious file creation in MuseHub directories

🔍 How to Verify

Check if Vulnerable:

Check whether MuseHub 2.1.0.1567 is installed by looking for the directory C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6

Check Version:

Check Windows Apps list in Settings or examine the installation directory name

Verify Fix Applied:

Verify MuseHub is uninstalled or updated to a version beyond 2.1.0.1567
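
To confirm the condition on a host, the command line registered for the service can be inspected directly. The PowerShell below is an added example, not part of the original advisory or any vendor code; the function names and the sample path are constructed, and the `Muse*` filter assumes the service name MuseUpdater used in the workaround commands above.

```powershell
# Added example: audit registered service command lines for unquoted paths.
# A service is flagged when its executable path contains a space and the
# command line does not begin with a double quote.

function Get-UnquotedPathCandidates {
    param([Parameter(Mandatory)][string]$CommandLine)

    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) { return @() }        # quoted: parsed unambiguously

    # Isolate the executable path (up to the first ".exe"); other forms are skipped.
    $m = [regex]::Match($cmd, '^(.+?\.exe)\b', 'IgnoreCase')
    if (-not $m.Success) { return @() }
    $exePath = $m.Groups[1].Value
    if ($exePath -notmatch ' ') { return @() }      # no space: nothing ambiguous

    # At each space Windows may first try "<prefix>.exe". These are the
    # locations whose ACLs must not allow writes by unprivileged users.
    $candidates = @()
    $idx = $exePath.IndexOf(' ')
    while ($idx -ge 0) {
        $candidates += ($exePath.Substring(0, $idx) + '.exe')
        $idx = $exePath.IndexOf(' ', $idx + 1)
    }
    return $candidates
}

function Get-UnquotedServicePath {
    param([string]$NameFilter = '*')
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.Name -like $NameFilter } |
        ForEach-Object {
            $c = @(Get-UnquotedPathCandidates -CommandLine $_.PathName)
            if ($c.Count -gt 0) {
                [pscustomobject]@{
                    Name             = $_.Name
                    StartName        = $_.StartName
                    PathName         = $_.PathName
                    LocationsToAudit = $c -join '; '
                }
            }
        }
}

# Constructed sample input (not a real installation path):
Get-UnquotedPathCandidates -CommandLine 'C:\Program Files\Example Vendor\Updater Service\svc.exe -k run'

# Live check on the local host, limited to services whose name starts with "Muse":
Get-UnquotedServicePath -NameFilter 'Muse*' | Format-List
```

An empty result from `Get-UnquotedServicePath` means no matching service has an unquoted path containing a space; any row returned lists the locations to review with `icacls`.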

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing service start/stop events for Muse.Updater.exe
  • File creation events in MuseHub directories by non-privileged users

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

(EventID=4688 AND ProcessName="Muse.Updater.exe") OR FileCreation in ("*Muse.MuseHub*\*")
