Progress Telerik UI for WinUI Command Injection Vulnerability

Vulnerability

A command injection vulnerability exists in Progress Telerik UI for WinUI, affecting versions through 2024 Q4 (2.11.0). The issue arises from improper handling of hyperlink elements, which could allow an attacker to inject and execute arbitrary commands.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution within the context of the application.

Remediation

Users can upgrade to Progress Telerik UI for WinUI 2025 Q1 (3.0.0) to address this vulnerability. Instructions for updating are available in the Telerik documentation. Customers with a Telerik UI for WinUI license can access the updated version through the Telerik Product Downloads page.
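One way to check project files against the affected range, as an added example that is not part of the advisory or Progress's own tooling. The package ID `Telerik.WinUI.Controls` and the sample project file are assumptions constructed for illustration; the fixed version (3.0.0) comes from the advisory.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: NuGet package ID used to reference the suite; adjust to your projects.
PACKAGE_ID = "Telerik.WinUI.Controls"
FIXED = (3, 0, 0)  # 2025 Q1, the fixed release named in the advisory

# Constructed sample project file (not taken from any real project).
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Telerik.WinUI.Controls" Version="2.11.0" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Strip an XML namespace prefix, as found in old-style .csproj files."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """Leading numeric version as a 3-tuple, or None for ranges and wildcards."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit_csproj(xml_text, package_id=PACKAGE_ID):
    """Return (package, version_string, status) for each matching reference."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "PackageReference":
            continue
        name = el.get("Include") or el.get("Update") or ""
        if name.lower() != package_id.lower():
            continue
        raw = el.get("Version")
        if raw is None:  # version given as a child element instead of an attribute
            child = next((c for c in el if local(c.tag) == "Version"), None)
            raw = child.text if child is not None else None
        ver = parse_version(raw)
        if ver is None:
            status = "unknown"  # range, wildcard, or centrally managed version
        else:
            status = "affected" if ver < FIXED else "fixed"
        findings.append((name, raw, status))
    return findings

if __name__ == "__main__":
    print(audit_csproj(SAMPLE))
```

A status of `unknown` means the version is not pinned in that file and has to be resolved from the lock file or central package management instead.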

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.