Primary

Context

Yandex Messenger Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

A vulnerability in Yandex Messenger for Desktop on MacOS, prior to version 2.245, allows for uncontrolled search path elements, leading to search order hijacking. This issue could be exploited by manipulating the application's search path for dynamic libraries, potentially causing the application to load a malicious library instead of the intended one.

Impact

Exploitation of this vulnerability could lead to DLL hijacking, where an attacker could place a malicious DLL in a location that the application is configured to search, causing the application to load and execute the malicious code.

Remediation

Users can update to Yandex Messenger version 2.245 or later to address this vulnerability.

Added: Dec 9, 2025, 7:16 PM

Updated: Dec 9, 2025, 7:16 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

7.7

relevance

1.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

7.7

relevance

1.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yandex Messenger Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating