Yandex Disk Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking on macOS

Vulnerability

A vulnerability in Yandex Disk for Desktop on macOS, prior to version 3.2.45.3275, allows search order hijacking due to an uncontrolled search path element. It could potentially be exploited to manipulate the order in which directories are searched for executable files, leading to unintended execution of malicious code.

Impact

Exploitation of this vulnerability could result in search order hijacking: an attacker who controls the order in which the system searches for files could potentially cause malicious code to be executed.

Remediation

Users can upgrade to Yandex Disk version 3.2.45.3275 or later to address this vulnerability.
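
As an added illustration of this vulnerability class (not code from Yandex or from this advisory), the following Python sketch audits a search path string for entries that a non-privileged user could control, reporting each one with its position in the search order. The function names, the trusted_uids parameter and the sample directories are assumptions constructed for the example; the advisory does not say which search path Yandex Disk used.

```python
import os
import stat
import tempfile


def audit_search_path(search_path, trusted_uids=(0,), sep=os.pathsep):
    """Return (position, entry, reason) for entries an untrusted user could control.

    Only the entry itself is inspected; parent directories are not walked.
    """
    findings = []
    for position, entry in enumerate(search_path.split(sep)):
        if entry in ("", "."):
            reason = "resolves to the current working directory"
        elif not os.path.isabs(entry):
            reason = "relative path, depends on the current working directory"
        else:
            try:
                info = os.stat(entry)  # follows symlinks to the real target
            except OSError:
                reason = "does not exist or cannot be inspected"
            else:
                if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    reason = "group- or world-writable"
                elif info.st_uid not in trusted_uids:
                    reason = "owned by an untrusted user"
                else:
                    continue  # entry is controlled by a trusted owner only
        findings.append((position, entry, reason))
    return findings


def demo():
    """Constructed sample path: one locked-down and one world-writable directory."""
    root = tempfile.mkdtemp()
    safe, loose = os.path.join(root, "safe"), os.path.join(root, "loose")
    for directory, mode in ((safe, 0o755), (loose, 0o777)):
        os.mkdir(directory)
        os.chmod(directory, mode)  # set explicitly so the umask does not interfere
    sample = os.pathsep.join([loose, "", "bin", safe, os.path.join(root, "absent")])
    # The current user is treated as trusted here so the demo runs without root.
    return audit_search_path(sample, trusted_uids={os.getuid()})


if __name__ == "__main__":
    for position, entry, reason in demo():
        print(f"[{position}] {entry!r}: {reason}")
```

Entries reported at lower positions matter most, because they are searched before the directories that hold the legitimate file.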

Added: Dec 9, 2025, 7:16 PM
Updated: Dec 9, 2025, 7:16 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.8
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 5.7
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.