CVE-2025-35978

7.1 HIGH

📋 TL;DR

This vulnerability allows a local authenticated attacker to modify registry values or execute arbitrary code by sending crafted data to the UpdateNavi software over its local communication channel (CWE-923). It affects UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. Organizations running these versions are exposed to local privilege escalation and system compromise.

💻 Affected Systems

Products:
  • UpdateNavi
  • UpdateNaviInstallService
Versions: UpdateNavi V1.4 L10 to L33, UpdateNaviInstallService Service 1.2.0091 to 1.2.0125
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access. The software must be installed and running.

⚠️ Manual Verification Required

This CVE does not carry structured version information in our database, so automatic vulnerability detection cannot determine whether your system is affected.

Why? The affected versions listed above come from the CVE description text; the database entry provides no machine-readable version ranges to match installed software against, so the check has to be done by hand.


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover via arbitrary code execution in the context of the privileged service, leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation from a standard user account to administrative privileges, used to modify system configuration or install malicious software.

🟢 If Mitigated

Limited impact if least privilege is enforced for interactive and service accounts, endpoint protection is in place, and network segmentation limits what a compromised host can reach afterwards (segmentation does not prevent the local exploit itself).

🌐 Internet-Facing: LOW - This requires local authenticated access, not directly exploitable from the internet.
🏢 Internal Only: HIGH - Attackers with local authenticated access can exploit this for privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access, but no special conditions are described. The assigned weakness, CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints), indicates that the service accepts data over a local channel from callers it does not adequately restrict, so a local user can likely reach the vulnerable code path directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond the affected ranges (check vendor advisory for exact fixed versions)

Vendor Advisory: https://azby.fmworld.net/support/security/information/updatenavi202506/

Restart Required: Yes

Instructions:

  1. Visit the vendor advisory URL.
  2. Download the latest version of UpdateNavi and UpdateNaviInstallService.
  3. Install the updates following vendor instructions.
  4. Restart affected systems.

🔧 Temporary Workarounds

Restrict Local Access

windows

Limit local authenticated access to systems running vulnerable software to only trusted administrators.

Disable Unnecessary Services

windows

If UpdateNavi or UpdateNaviInstallService are not essential, disable or uninstall them. The commands below assume the service is registered under the name UpdateNaviInstallService; confirm the actual name first with sc query (or Get-Service *UpdateNavi*). From PowerShell, call sc.exe explicitly, because sc alone resolves to the Set-Content alias.

sc stop UpdateNaviInstallService
sc config UpdateNaviInstallService start= disabled

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit local authenticated users.
  • Monitor for suspicious registry modifications and process executions related to UpdateNavi.

🔍 How to Verify

Check if Vulnerable:

Check installed software versions: UpdateNavi reports its version as V1.4 Lxx (affected: L10 through L33); UpdateNaviInstallService reports 1.2.00xx (affected: 1.2.0091 through 1.2.0125). Read the UpdateNavi version from Programs and Features (or the Uninstall registry keys) and the service version from the file version of the service binary.

Check Version (PowerShell; the Win32_Service class has no Version property and wmic is deprecated, so the file version is read from the service executable):

Get-CimInstance Win32_Service -Filter "Name LIKE '%UpdateNavi%'" |
  Select-Object Name, PathName, @{n='FileVersion'; e={ (Get-Item -LiteralPath ($_.PathName -replace '^"?([^"]+?\.exe)"?.*$','$1')).VersionInfo.FileVersion }}

Verify Fix Applied:

Confirm installed versions are outside the affected ranges after patching. Verify services are running updated versions.
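The verification steps above as one script, added here as an example; it is not tooling from the vendor or from this page. It assumes (unconfirmed by the advisory) that the UpdateNavi client registers an Uninstall entry whose DisplayName contains "UpdateNavi" and whose DisplayVersion reads like "V1.4 L12", that the service's registered name contains "UpdateNavi", and that the service binary's FileVersion uses the 1.2.00xx scheme quoted above; anything that does not fit those formats is reported for manual comparison rather than guessed at.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell 5.1+ session.
# Reports each UpdateNavi component found on the host and whether its version
# falls inside the affected ranges listed on this page (inclusive).

$clientMajor = '1.4'; $clientLevelMin = 10; $clientLevelMax = 33      # UpdateNavi V1.4 L10..L33
$svcMin = [version]'1.2.0091'; $svcMax = [version]'1.2.0125'           # service 1.2.0091..1.2.0125

# 1. Client component: assumed to appear in the 64-bit or 32-bit Uninstall hive.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -like '*UpdateNavi*' } |
  ForEach-Object {
    $state = 'unrecognised version format, compare manually'
    # Assumed DisplayVersion format: "V<major.minor> L<level>", e.g. "V1.4 L12".
    if ($_.DisplayVersion -match '^V(?<major>\d+\.\d+)\s*L(?<level>\d+)$') {
      $inRange = ($Matches.major -eq $clientMajor) -and
                 ([int]$Matches.level -ge $clientLevelMin) -and
                 ([int]$Matches.level -le $clientLevelMax)
      $state = if ($inRange) { 'VULNERABLE' } else { 'not in affected range' }
    }
    [pscustomobject]@{ Component = $_.DisplayName; Version = $_.DisplayVersion; Status = $state }
  }

# 2. Service component: resolve the executable from PathName and read its file version.
Get-CimInstance Win32_Service -Filter "Name LIKE '%UpdateNavi%'" |
  ForEach-Object {
    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' ')[0] }
    $fv  = (Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue).VersionInfo.FileVersion
    $state = 'unrecognised version format, compare manually'
    # Assumed FileVersion format: "1.2.0091"-style with a four-digit third field.
    if ($fv -and $fv.Trim() -match '^\d+\.\d+\.\d{4}$') {
      $v = [version]$fv.Trim()
      $state = if ($v -ge $svcMin -and $v -le $svcMax) { 'VULNERABLE' } else { 'not in affected range' }
    }
    [pscustomobject]@{ Component = $_.Name; Version = $fv; Status = $state; Path = $exe }
  }
```

Save as Check-UpdateNavi.ps1 and run it before and after patching; a clean result after the update is two rows reading "not in affected range". If a row reads "compare manually", the version string did not match the assumed format and should be checked by eye against the ranges above.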

📡 Detection & Monitoring

Log Indicators:

  • Unexpected registry modifications by UpdateNavi processes
  • Suspicious process creation from UpdateNavi executables

Network Indicators:

  • None expected on the wire: the attack path is local inter-process communication with the UpdateNavi service, not network traffic. Watch host telemetry (process and registry events) rather than network sensors.

SIEM Query:

Process creation events where ParentImage contains 'UpdateNavi' and Image is not itself an UpdateNavi binary (for example cmd.exe, powershell.exe or rundll32.exe launched by the updater), combined with registry value-set events where Image contains 'UpdateNavi' and the target key lies outside the product's own configuration key.
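The detection logic above run against Sysmon telemetry on a single host, added here as an example rather than a query from this page or from the vendor. It assumes Sysmon is installed with process-creation (Event ID 1) and registry value-set (Event ID 13) logging enabled for the UpdateNavi binaries; the registry prefix treated as "expected" is a placeholder, since the advisory does not state the product's real key, and must be set to the key observed on a healthy install.

```powershell
# Added example, not vendor code. Flags (a) UpdateNavi processes spawning
# non-UpdateNavi binaries and (b) UpdateNavi processes writing registry values
# outside their own key, from the local Sysmon operational log.

$Hours = 24                                               # look-back window
$expectedRegPrefix = 'HKLM\SOFTWARE\FUJITSU\UpdateNavi'   # PLACEHOLDER: replace with the key seen on a healthy install

# Pull one named <Data> element out of a Sysmon event's XML.
function Get-SysmonField([xml]$Xml, [string]$Name) {
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Find-UpdateNaviAnomaly {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1, 13
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x       = [xml]$_.ToXml()
        $image   = Get-SysmonField $x 'Image'
        $finding = $null
        $detail  = ''
        switch ($_.Id) {
            1 {
                # Suspicious process creation: the updater launching something that is not its own component.
                $parent = Get-SysmonField $x 'ParentImage'
                if ($parent -like '*UpdateNavi*' -and $image -notlike '*UpdateNavi*') {
                    $finding = 'UpdateNavi process spawned a non-UpdateNavi binary'
                    $detail  = "$parent -> $image : $(Get-SysmonField $x 'CommandLine')"
                }
            }
            13 {
                # Unexpected registry modification: an UpdateNavi process writing outside its expected key.
                $target = Get-SysmonField $x 'TargetObject'
                if ($image -like '*UpdateNavi*' -and $target -notlike "$expectedRegPrefix*") {
                    $finding = 'UpdateNavi process wrote a registry value outside its own key'
                    $detail  = "$image set $target = $(Get-SysmonField $x 'Details')"
                }
            }
        }
        if ($finding) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                User    = Get-SysmonField $x 'User'
                Finding = $finding
                Detail  = $detail
            }
        }
    }
}

Find-UpdateNaviAnomaly | Format-Table -AutoSize -Wrap
```

Run it on a known-good machine first: legitimate updater activity will show which child processes and registry paths are normal, and those should be added to the prefix or an allow-list before the same logic is turned into a SIEM rule.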
