Cyber Resilience

CVE-2025-20094

High

Published: 06 February 2025

Published
06 February 2025
Modified
04 February 2026
KEV Added
Patch
CVSS Score v3 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 14.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20094 is a high-severity Shatter (CWE-422) vulnerability in Hummingheads Defense Platform. Its CVSS base score is 8.8 (High).

Operationally, ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be…

more

executed with SYSTEM privilege.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hummingheads
defense platform
≤ 3.9.51.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References