Cyber Resilience

CVE-2025-15595

Severity: Medium
Published: 03 March 2026
Modified: 13 March 2026
KEV Added: not listed
Patch: see vendor release notes (jrsoftware.org)
CVSS Score v4: 5.7 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:Clear)
EPSS Score: 0.0009 (0.7th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2025-15595 is a medium-severity vulnerability in Jrsoftware Inno Setup, recorded here under CWE-1390 (Weak Authentication); its CVSS v4.0 base score is 5.7 (Medium). The underlying flaw is privilege escalation through DLL hijacking, so the CWE tag is a loose fit: DLL search-order hijacking is conventionally filed under CWE-427 (Uncontrolled Search Path Element), and practitioners filtering by CWE should search for both.

Operationally, exploitation maps to the MITRE ATT&CK technique T1574.001 (Hijack Execution Flow: DLL). Its EPSS score of 0.0009 places it at the 0.7th percentile of exploit likelihood, far below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Deeper analysis

CVE-2025-15595 is a local privilege escalation vulnerability caused by DLL hijacking in Inno Setup versions 6.2.1 and earlier. Inno Setup is a widely used tool for building Windows installers, so the exposure lives in the installer executables it produces, not only on the machines where the Inno Setup compiler itself is installed. The entry is recorded under CWE-1390 (Weak Authentication; see the note in the summary). The CVSS v3.1 assessment quoted for this CVE gives a base score of 7.8 (High): local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and high impact on confidentiality, integrity and availability. This does not agree with the CVSS v4.0 vector in the header (5.7, Medium, with AC:H, AT:P, PR:L and UI:N): the two scorings make different assumptions about who runs the installer and what the attacker must set up first, which is why this page reports both Medium and High. Triage against the score your organisation standardises on, and do not treat the lower number as a correction of the higher one.

Under the v3.1 assumptions, a local attacker exploits the flaw by placing an attacker-controlled DLL where an affected Inno Setup installer will load it (for this class of bug, typically a user-writable directory on the DLL search path) and then waiting for, or persuading, a user to run that installer. No special privileges are needed (PR:N), but the attacker requires local access (AV:L) and user interaction (UI:R), namely execution of the affected installer binary. Because installers are routinely run elevated, successful exploitation lets the attacker's code execute at the installer's privilege level, potentially granting full control over the system with high impacts on confidentiality, integrity, and availability.

The only vendor reference recorded for this CVE is the Inno Setup 6.2 release notes at https://jrsoftware.org/files/is6.2-whatsnew.htm; the entry does not identify which 6.2.x change closes the issue. Since the affected range is 6.2.1 and earlier, "6.2 or later" is not a safe bar: build machines should run a version later than 6.2.1, and installers already shipped from older versions should be rebuilt and redistributed, because the vulnerable code is carried inside each installer executable. On the user side, apply the usual DLL hijacking hygiene: do not run untrusted installers, and run installers from a directory that untrusted local users cannot write to rather than from a shared or world-writable location.
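Because the exposure is in built installers rather than in a single product install, the practical first step is to find which installer executables in a software repository or download share were produced by an affected Inno Setup version. The script below does that by looking for the plain-text version marker the Inno Setup compiler writes at the start of the setup-data section it appends to every installer (the same "Inno Setup Setup Data (x.y.z)" signature that innoextract keys on). This is an added example, not code from this page or from Jrsoftware; the 6.2.1 cut-off is taken from this entry, and the sample "installers" are constructed byte strings, not real binaries.

```python
import re
import tempfile
from pathlib import Path

# Version marker written by the Inno Setup compiler at the start of the appended
# setup-data section. Assumption: the marker is present and intact in the file.
MARKER = re.compile(rb"Inno Setup Setup Data \((\d+)\.(\d+)\.(\d+)(?:\.\d+)?\)")

# Affected range recorded in this CVE entry: 6.2.1 and earlier.
LAST_AFFECTED = (6, 2, 1)


def inno_version(data: bytes):
    """Return (major, minor, patch) of the Inno Setup build, or None if no marker."""
    m = MARKER.search(data)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version) -> bool:
    """True when the build version falls in the affected range (tuple compare)."""
    return version <= LAST_AFFECTED


def classify(data: bytes) -> str:
    """'affected', 'ok', or 'not-inno-or-unknown' (never assume unknown is safe)."""
    v = inno_version(data)
    if v is None:
        return "not-inno-or-unknown"
    return "affected" if is_affected(v) else "ok"


def scan_dir(root: str, suffixes=(".exe",)) -> dict:
    """Map every matching file under root (relative path) to its classification."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            results[str(path.relative_to(root))] = classify(path.read_bytes())
    return results


# Constructed sample inputs: filler bytes around the marker. Real installers
# are PE files; only the marker matters for this check.
SAMPLES = {
    "old-tool-setup.exe": b"MZ\x90\x00...filler...Inno Setup Setup Data (6.2.1) (u)\x00more",
    "new-tool-setup.exe": b"MZ\x90\x00...filler...Inno Setup Setup Data (6.2.2) (u)\x00more",
    "legacy-setup.exe": b"MZ\x90\x00...Inno Setup Setup Data (5.5.9)\x00",
    "other-installer.exe": b"MZ\x90\x00 not built with Inno Setup",
}


def demo() -> dict:
    """Write the constructed samples to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in SAMPLES.items():
            Path(tmp, name).write_bytes(blob)
        return scan_dir(tmp)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:22s} {name}")
```

Point scan_dir at a real download share or artifact repository to get an inventory of installers that need rebuilding. Files reported as not-inno-or-unknown may still be Inno Setup installers whose appended data has been stripped or repackaged, so treat that verdict as "needs manual inspection", not as a pass.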

Vulnerability details

Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions.

CWE(s)

CWE-1390 Weak Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 Hijack Execution Flow: DLL (Persistence, Privilege Escalation, Defense Evasion)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE record directly describes DLL hijacking (T1574.001) used for local privilege escalation (T1068), triggered when a user runs an affected installer.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40417 (shared CWE-1390)
CVE-2025-23058 (shared CWE-1390)
CVE-2026-6886 (shared CWE-1390)
CVE-2025-12871 (shared CWE-1390)
CVE-2024-52541 (shared CWE-1390)
CVE-2025-40552 (shared CWE-1390)
CVE-2026-28710 (shared CWE-1390)
CVE-2025-57713 (shared CWE-1390)
CVE-2025-40554 (shared CWE-1390)
CVE-2026-4924 (shared CWE-1390)

Affected Assets

jrsoftware
inno setup
≤ 6.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent (flaw remediation): Directly mandates identifying, prioritizing, and applying patches or upgrades to remediate the DLL hijacking flaw in vulnerable Inno Setup versions 6.2.1 and earlier.

prevent (authorized software, allow-by-exception): Enforces deny-all, permit-by-exception policies to block execution of unapproved or vulnerable Inno Setup installers, preventing DLL hijacking exploitation.

prevent (CM-11 User-installed Software): Prohibits or strictly governs user-installed software, directly mitigating risks from running untrusted Inno Setup installers that enable local privilege escalation via DLL hijacking.

References

Jrsoftware, Inno Setup 6.2 release notes: https://jrsoftware.org/files/is6.2-whatsnew.htm