CVE-2025-63916

8.1 HIGH

📋 TL;DR

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in its GIF compression tool. A file path supplied to that tool is passed to cmd.exe without sanitization, so an attacker who gets a crafted path into the tool can execute arbitrary system commands with the privileges of the user running the application. This affects all users running the vulnerable version of MyScreenTools.

💻 Affected Systems

Products:
  • MyScreenTools
Versions: v2.2.1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the GIF compression functionality and requires user interaction to trigger.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to data theft, ransomware deployment, or complete system takeover if the application runs with administrative privileges.

🟠 Likely Case

Local privilege escalation, data exfiltration, or installation of backdoors/malware on the affected system.

🟢 If Mitigated

Limited impact if the application runs with minimal privileges and proper network segmentation is in place.

🌐 Internet-Facing: LOW - This appears to be a desktop application rather than a web service.
🏢 Internal Only: HIGH - The vulnerability can be exploited by any user with access to the application, potentially leading to lateral movement within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction: a user must run the GIF compression feature on a crafted file path. Public proof-of-concept details are available in the GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider the workarounds below or discontinue use of the vulnerable version.

🔧 Temporary Workarounds

Input Validation and Sanitization (windows)

Validate and sanitize file paths before they are passed to cmd.exe; reject paths containing shell metacharacters (for example &, |, ; and `) rather than trying to escape them.

Run with Minimal Privileges (windows)

Run MyScreenTools under a non-administrative user account to limit the damage an injected command can do.

🧯 If You Can't Patch

  • Disable or remove the GIF compression functionality from MyScreenTools
  • Implement application whitelisting to prevent execution of unauthorized commands

🔍 How to Verify

Check if Vulnerable:

Check whether the installed MyScreenTools version is 2.2.1.0 and review the GIFSicleTool\Form_gif_sicle_tool.cs file for user-supplied file paths that reach the CMD() function without sanitization.

Check Version:

Check application properties or about dialog for version information

Verify Fix Applied:

Verify that file path inputs are properly validated and sanitized before being passed to cmd.exe

📡 Detection & Monitoring

Log Indicators:

  • Unusual cmd.exe processes spawned by MyScreenTools
  • Suspicious command-line arguments containing special characters or multiple commands

Network Indicators:

  • Unexpected outbound connections from MyScreenTools process

SIEM Query:

Process Creation where ParentImage contains 'MyScreenTools' and (CommandLine contains '&' or CommandLine contains '|' or CommandLine contains ';' or CommandLine contains '`')
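The query above, applied to a few constructed process-creation events, as an added example (this code is not part of the original page or of MyScreenTools; the event shape, the sample paths and the quote-aware "tuned" variant are assumptions):

```python
import re
from dataclasses import dataclass

# Shell metacharacters the page's SIEM query looks for in CommandLine.
META_CHARS = ("&", "|", ";", "`")
QUOTED = re.compile(r'"[^"]*"')


@dataclass
class ProcessEvent:
    """One process-creation record (Sysmon Event ID 1 style fields)."""
    event_id: int
    parent_image: str
    command_line: str


def from_myscreentools(ev: ProcessEvent) -> bool:
    return "myscreentools" in ev.parent_image.lower()


def broad_match(ev: ProcessEvent) -> bool:
    """The page's query as written: any metacharacter anywhere in CommandLine."""
    return from_myscreentools(ev) and any(c in ev.command_line for c in META_CHARS)


def tuned_match(ev: ProcessEvent) -> bool:
    """Same check, but ignore text inside double quotes: cmd.exe does not treat
    & | ; ` as operators there, so a quoted filename containing them is benign."""
    unquoted = QUOTED.sub("", ev.command_line)
    return from_myscreentools(ev) and any(c in unquoted for c in META_CHARS)


def detect(events, matcher=broad_match):
    """Return the event ids that the given matcher flags."""
    return [ev.event_id for ev in events if matcher(ev)]


# Constructed sample telemetry (not real logs); paths are placeholders.
PARENT = r"C:\Program Files\MyScreenTools\MyScreenTools.exe"
SAMPLE_EVENTS = [
    # normal compression run: quoted paths, no operators
    ProcessEvent(1, PARENT, r'cmd.exe /c gifsicle -O3 "C:\Users\u\in.gif" -o "C:\Users\u\out.gif"'),
    # crafted path that closes the quote and chains a second command
    ProcessEvent(2, PARENT, r'cmd.exe /c gifsicle -O3 "C:\Users\u\in.gif" & echo injected'),
    # same operator from a different parent: out of scope for this rule
    ProcessEvent(3, r"C:\Windows\explorer.exe", r"cmd.exe /c dir & echo done"),
    # legitimate filename containing ';' inside quotes: broad rule alerts, tuned rule does not
    ProcessEvent(4, PARENT, r'cmd.exe /c gifsicle -O3 "C:\Users\u\a;b.gif" -o "C:\Users\u\out.gif"'),
]
```

Event 4 shows why the raw query needs tuning: a benign filename with ';' inside quotes trips the broad rule, while the quote-aware variant keeps only the event whose crafted path breaks out of the quotes.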
