CVE-2025-5469
📋 TL;DR
This CVE describes a Search Order Hijacking vulnerability in Yandex Messenger (Telemost) on macOS, where an attacker can place a malicious library in a location that the application searches before legitimate system libraries. This affects macOS users running vulnerable versions of Yandex Messenger/Telemost.
💻 Affected Systems
- Yandex Messenger
- Telemost
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary code with the privileges of the user running Yandex Messenger, potentially leading to full system compromise, data theft, or malware installation.
Likely Case
Local privilege escalation or execution of malicious code in the context of the user running the vulnerable application.
If Mitigated
Limited impact if proper library path controls and application sandboxing are enforced.
🎯 Exploit Status
Exploitation requires local access to place malicious files. Standard search order hijacking techniques apply.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.245 or later
Vendor Advisory: https://yandex.com/bugbounty/i/hall-of-fame-products
Restart Required: Yes
Instructions:
1. Open Yandex Messenger/Telemost.
2. Check for updates in application settings.
3. Update to version 2.245 or later.
4. Restart the application.
🔧 Temporary Workarounds
Restrict library search paths
macOS: Use macOS security controls to restrict where applications can load libraries from. The commands below turn on Gatekeeper assessment and enable its "Developer ID" rule.
sudo spctl --master-enable
sudo spctl --enable --label "Developer ID"
Remove vulnerable versions
macOS: Uninstall vulnerable versions until the patched version can be installed
sudo rm -rf /Applications/Yandex\ Messenger.app
sudo rm -rf /Applications/Telemost.app
🧯 If You Can't Patch
- Restrict user permissions to prevent placing files in library search paths
- Monitor for suspicious library loading behavior using endpoint detection tools
🔍 How to Verify
Check if Vulnerable:
Check Yandex Messenger/Telemost version in application settings or About dialog
Check Version:
defaults read /Applications/Yandex\ Messenger.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
Confirm version is 2.245 or higher in application settings
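Added example (not part of the vendor advisory or of this page's original commands): a shell check that reads the bundle version the same way as the command above and compares it to 2.245 component by component, so that 2.30 is treated as older than 2.245. The function names are hypothetical; the bundle paths are the ones used in the commands on this page.

```shell
#!/bin/sh
# Added example: flag installs older than the fixed version named on this page.
FIXED_VERSION="2.245"   # "Patch Version" stated above

# version_ge A B -> 0 if A >= B, 1 if A < B, 2 if either is not dotted-numeric.
# Components are compared as integers, left to right, so 2.30 < 2.245
# (a float or plain string comparison gets that case wrong).
version_ge() {
    for v in "$1" "$2"; do
        case $v in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    done
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# verdict VERSION -> prints patched | vulnerable | unknown
verdict() {
    rc=0; version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in 0) echo patched ;; 1) echo vulnerable ;; *) echo unknown ;; esac
}

# check_app BUNDLE_PATH: report the verdict for one installed bundle.
check_app() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || { echo "$1: not installed"; return 0; }
    ver=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null) || ver=
    echo "$1: version '${ver:-?}' is $(verdict "$ver")"
}

# Bundle paths as they appear in the commands on this page.
for app in "/Applications/Yandex Messenger.app" "/Applications/Telemost.app"; do
    check_app "$app"
done
```

A verdict of "unknown" means the version string could not be read or is not purely dotted-numeric; check it by hand in the About dialog.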
📡 Detection & Monitoring
Log Indicators:
- Unusual library loading from non-standard paths in application logs
- Console.app entries showing library loading errors
Network Indicators:
- Not applicable - local attack vector
SIEM Query:
process_name:"Yandex Messenger" AND event_type:"library_load" AND NOT library_path:"/System/Library/*" AND NOT library_path:"/usr/lib/*"