Cyber Resilience

CVE-2025-63685

CriticalPublic PoC

Published: 20 November 2025

Published
20 November 2025
Modified
16 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 24.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63685 is a critical-severity Object Hijack (CWE-491) vulnerability in Quark Quark Cloud Drive. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious…

more

DLL in the application's startup directory, which will be loaded and executed when the user launches the program.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.008 Path Interception by Search Order Hijacking Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.
Why these techniques?

The vulnerability allows placing a malicious executable named regsvr32.exe in the application's directory, exploiting Windows search path order to hijack execution of the legitimate system binary (Path Interception by Search Order Hijacking).

Affected Assets

quark
quark cloud drive
3.23.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References