CVE-2025-5470
📋 TL;DR
This CVE describes a Search Order Hijacking vulnerability in Yandex Disk for macOS, where an attacker could place malicious files in locations that the application searches before legitimate ones. This affects macOS users running Yandex Disk versions before 3.2.45.3275.
💻 Affected Systems
- Yandex Disk
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary code with the privileges of the Yandex Disk application, potentially leading to full system compromise if the application runs with elevated privileges.
Likely Case
Local privilege escalation or execution of malicious payloads when users launch Yandex Disk, potentially leading to data theft or further system compromise.
If Mitigated
Limited impact if proper file permissions and application sandboxing are enforced, restricting the attacker's ability to place malicious files in search paths.
🎯 Exploit Status
Exploitation requires local access to place malicious files in specific directories. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.45.3275
Vendor Advisory: https://yandex.com/bugbounty/i/hall-of-fame-products
Restart Required: Yes
Instructions:
1. Open Yandex Disk application.
2. Go to Settings > About.
3. Check current version.
4. If below 3.2.45.3275, update through the application's update mechanism or download from official Yandex website.
5. Restart the application after update.
🔧 Temporary Workarounds
Restrict write permissions to application directories
macOS: Prevent unauthorized users from writing to directories that Yandex Disk searches during execution
sudo chmod -R o-w /Applications/Yandex.Disk.app
sudo chmod -R o-w ~/Library/Application\ Support/Yandex.Disk
🧯 If You Can't Patch
- Remove or disable Yandex Disk if not essential
- Implement strict file permissions and monitor for unauthorized file creation in application directories
🔍 How to Verify
Check if Vulnerable:
Check Yandex Disk version in application settings. If version is below 3.2.45.3275, the system is vulnerable.
Check Version:
defaults read /Applications/Yandex.Disk.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
Confirm version is 3.2.45.3275 or higher in application settings and verify application functions normally.
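A scripted form of the version check above, combined with a listing of world-writable entries in the two directories named in the workaround. This is an added example, not part of the vendor advisory or this page's original content; the function names version_lt and world_writable are illustrative, and it assumes CFBundleShortVersionString holds the dotted numeric version.

```shell
#!/bin/sh
# Added example: compare the installed Yandex Disk version against the fixed
# release and list entries that any local user could modify.
FIXED="3.2.45.3275"
APP="/Applications/Yandex.Disk.app"
SUPPORT="$HOME/Library/Application Support/Yandex.Disk"

# version_lt A B: exit 0 when dotted version A is older than B.
# Components are compared numerically, left to right; missing ones count as 0.
# Assumption: every component is a plain decimal number.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# world_writable DIR...: print entries under each existing DIR that carry the
# "other" write bit (what `chmod o-w` clears), skipping symlinks.
world_writable() {
    for d in "$@"; do
        [ -d "$d" ] && find "$d" ! -type l -perm -0002 -print
    done
    return 0
}

# Run the checks only on a host that has the bundle and the `defaults` tool.
if [ -d "$APP" ] && command -v defaults >/dev/null 2>&1; then
    installed=$(defaults read "$APP/Contents/Info.plist" CFBundleShortVersionString)
    if version_lt "$installed" "$FIXED"; then
        echo "Yandex Disk $installed is older than $FIXED: update required"
    else
        echo "Yandex Disk $installed is at or above $FIXED"
    fi
    echo "World-writable entries (expected: none):"
    world_writable "$APP" "$SUPPORT"
fi
```

A string comparison would rank 3.10 below 3.2, which is why the components are compared as numbers.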
📡 Detection & Monitoring
Log Indicators:
- Unusual file creation in Yandex Disk directories
- Process execution from unexpected locations
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
process.name:"Yandex.Disk" AND file.path:("*/Library/Application Support/Yandex.Disk/*" OR "/Applications/Yandex.Disk.app/*") AND event.action:"create"