Postman Untrusted Search Path Vulnerability in profapi.dll on Windows

Vulnerability

An untrusted search path vulnerability has been identified in Postman versions prior to 11.20 on Windows. The issue arises in the library profapi.dll and can only be exploited locally. Attack complexity is high, which makes the vulnerability difficult to exploit.

Impact

Exploitation of this vulnerability could lead to local privilege escalation by allowing an attacker to manipulate the search path, potentially causing the application to load malicious libraries.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 10.0
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.