CVE-2025-5471

7.8 HIGH

📋 TL;DR

This CVE describes a Search Order Hijacking vulnerability in Yandex Telemost on macOS, where an attacker could place a malicious library in a location that the application searches before legitimate system libraries. This affects macOS users running Yandex Telemost versions before 2.19.1.

💻 Affected Systems

Products:
  • Yandex Telemost
Versions: All versions before 2.19.1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations. Requires local access to the target system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could execute arbitrary code with the privileges of the Telemost application, potentially leading to full system compromise if Telemost runs with elevated privileges.

🟠 Likely Case

Local privilege escalation or arbitrary code execution within the context of the Telemost application, potentially allowing data theft or further system access.

🟢 If Mitigated

Limited impact if application runs with minimal privileges and proper file system permissions prevent library injection.

🌐 Internet-Facing: LOW - This is a local attack vector requiring access to the target system.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this, but it requires specific conditions and user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to place malicious files in specific directories. May require social engineering or existing system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.19.1

Vendor Advisory: https://yandex.com/bugbounty/i/hall-of-fame-products

Restart Required: Yes

Instructions:

1. Open Yandex Telemost application
2. Check for updates in application settings
3. Update to version 2.19.1 or later
4. Restart the application

🔧 Temporary Workarounds

Restrict Library Loading Paths

Platform: macOS

Use macOS sandboxing or application whitelisting to restrict where Telemost can load libraries from.

Remove Unnecessary Permissions

Platform: macOS

Run Telemost with minimal privileges and remove unnecessary file system access.

🧯 If You Can't Patch

  • Restrict local user access to systems running vulnerable Telemost versions
  • Implement application control solutions to prevent unauthorized library loading

🔍 How to Verify

Check if Vulnerable:

Check the Telemost version in the application settings or About dialog. If the version is below 2.19.1, the system is vulnerable.

Check Version:

Open Telemost → Settings → About, or check the application version in Finder via Get Info.

Verify Fix Applied:

Confirm Telemost version is 2.19.1 or higher in application settings.
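As an added example (not from the advisory or from Yandex), the manual version check above can be scripted: read the installed build's version from the app bundle's Info.plist and compare it against the fixed release 2.19.1. The bundle path `/Applications/Yandex Telemost.app` and the `CFBundleShortVersionString` key are assumptions about a standard macOS app bundle, not values stated on this page; adjust the path if the app is installed elsewhere.

```shell
#!/bin/sh
# Added example: check an installed Yandex Telemost build against the fixed
# release 2.19.1 named in the advisory. The bundle path and plist key below
# are assumptions about a standard macOS app bundle, not advisory values.
TELEMOST_APP="/Applications/Yandex Telemost.app"   # assumed install location
FIXED_VERSION="2.19.1"                              # first fixed release

# version_lt A B: exit 0 when dotted version A is lower than B.
# Missing components count as 0, so "2.19" compares as "2.19.0".
version_lt() {
    a=$1; b=$2
    i=1
    while [ "$i" -le 4 ]; do
        # Pad with ".0.0.0" so short versions still yield a numeric field.
        pa=$(printf '%s.0.0.0' "$a" | cut -d . -f "$i" | tr -cd '0-9')
        pb=$(printf '%s.0.0.0' "$b" | cut -d . -f "$i" | tr -cd '0-9')
        pa=${pa:-0}; pb=${pb:-0}
        [ "$pa" -lt "$pb" ] && return 0
        [ "$pa" -gt "$pb" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# telemost_vulnerable VERSION: exit 0 when VERSION is older than the fixed release.
telemost_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version: read the bundle's marketing version (empty if unreadable).
installed_version() {
    defaults read "$TELEMOST_APP/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null
}

# Report for the local machine; does nothing harmful when the bundle is absent.
if [ -d "$TELEMOST_APP" ]; then
    v=$(installed_version)
    if [ -z "$v" ]; then
        echo "Could not read the Telemost version from $TELEMOST_APP"
    elif telemost_vulnerable "$v"; then
        echo "Telemost $v is below $FIXED_VERSION: affected by CVE-2025-5471, update and restart"
    else
        echo "Telemost $v is at or above $FIXED_VERSION: fixed"
    fi
else
    echo "Telemost bundle not found at $TELEMOST_APP"
fi
```

The comparison is done field by field rather than with `sort -V`, which the BSD `sort` shipped with macOS does not provide; the same `version_lt` helper works for any dotted version string the fleet inventory reports.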

📡 Detection & Monitoring

Log Indicators:

  • Unusual library loading from non-standard paths in system logs
  • Telemost process loading unexpected dylibs/shared libraries

Network Indicators:

  • None - this is a local attack vector

SIEM Query:

Image-load events in which the Telemost executable loads a library from a user-writable directory.
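To make the SIEM query above concrete, here is an added example (not part of the advisory) of the same logic as a shell filter run over a few constructed log lines. The `process=… event=image_load path=…` layout is an assumed export format standing in for whatever an EDR or unified-log export actually emits, not a real Telemost or macOS log format, and the list of user-writable prefixes is an assumption to tune per environment.

```shell
#!/bin/sh
# Added example: flag Telemost image loads from user-writable locations.
# The log layout and the sample lines below are constructed, not real telemetry.
SAMPLE_LOG='2025-06-01T10:00:01Z process=Telemost event=image_load path=/usr/lib/libSystem.B.dylib
2025-06-01T10:00:02Z process=Telemost event=image_load path=/Applications/Yandex Telemost.app/Contents/Frameworks/Sample.framework/Sample
2025-06-01T10:00:03Z process=Telemost event=image_load path=/Users/alice/Library/libhelper.dylib
2025-06-01T10:00:04Z process=Safari event=image_load path=/tmp/libfoo.dylib
2025-06-01T10:00:05Z process=Telemost event=image_load path=/private/tmp/libinject.dylib'

# user_writable PATH: exit 0 when PATH sits under a prefix that an unprivileged
# local user can normally write to (assumed starting list; extend per environment).
user_writable() {
    case "$1" in
        /Users/*|/tmp/*|/private/tmp/*|/var/folders/*|/private/var/folders/*) return 0 ;;
        *) return 1 ;;
    esac
}

# suspicious_loads: read log lines on stdin and print those where the Telemost
# process loaded an image from a user-writable location.
suspicious_loads() {
    while IFS= read -r line; do
        # Trailing space keeps "Telemost" from matching e.g. "TelemostHelper".
        case "$line" in *"process=Telemost "*) ;; *) continue ;; esac
        case "$line" in *"event=image_load "*) ;; *) continue ;; esac
        path=${line##*path=}          # path is the last field, may contain spaces
        if user_writable "$path"; then
            printf '%s\n' "$line"
        fi
    done
}

# count_suspicious: number of flagged lines in the constructed sample.
count_suspicious() {
    printf '%s\n' "$SAMPLE_LOG" | suspicious_loads | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LOG" | suspicious_loads
echo "flagged: $(count_suspicious)"
```

On the sample, the `/usr/lib` load and the load from inside the app bundle pass, the Safari line is ignored because the query is scoped to the Telemost process, and the two loads from `/Users/...` and `/private/tmp` are flagged. Replace `SAMPLE_LOG` with a real export (`suspicious_loads < export.log`) to run it against collected data.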
