CVE-2025-63685
Published: 20 November 2025
Summary
CVE-2025-63685 is a critical-severity Object Hijack (CWE-491) vulnerability in Quark Cloud Drive. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). It ranks at the 24.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-198336
Vulnerability details
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows placing a malicious executable named regsvr32.exe in the application's directory, exploiting Windows search path order to hijack execution of the legitimate system binary (Path Interception by Search Order Hijacking).
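A defensive check for the condition described in the vulnerability details and in the technique rationale above, as an added example that is not part of the original advisory or the vendor's code: it lists files in an application directory whose names collide with binaries in the Windows system directory. The directory names and file layout in demo() are constructed stand-ins so the block runs offline; it covers both .exe and .dll names because the page mentions regsvr32.exe and a DLL.

```python
import os
import tempfile
from pathlib import Path

PE_SUFFIXES = {".exe", ".dll"}  # file types relevant to search order hijacking


def system_binary_names(system_dir):
    """Lower-cased names of executables and DLLs directly in system_dir."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.is_file() and p.suffix.lower() in PE_SUFFIXES}


def find_shadowing_files(app_dir, system_names):
    """Files under app_dir whose name matches a system binary name.

    Windows file names are case-insensitive, so the comparison is too.
    """
    hits = []
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            if name.lower() in system_names:
                hits.append(Path(root) / name)
    return sorted(hits)


def demo():
    """Constructed layout: a stand-in system directory and app directory."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = Path(tmp) / "System32"      # stand-in for %SystemRoot%\System32
        appdir = Path(tmp) / "ExampleApp"    # hypothetical install directory
        (appdir / "plugins").mkdir(parents=True)
        sysdir.mkdir()
        for n in ("regsvr32.exe", "version.dll", "notes.txt"):
            (sysdir / n).write_bytes(b"")
        for n in ("ExampleApp.exe", "RegSvr32.exe", "plugins/helper.dll"):
            (appdir / n).write_bytes(b"")
        names = system_binary_names(sysdir)
        return [p.relative_to(appdir).as_posix()
                for p in find_shadowing_files(appdir, names)]


if __name__ == "__main__":
    print(demo())
```

A match is a lead for review rather than proof of tampering: check the file's signature and origin before acting, since some applications ship their own copies of redistributable DLLs.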