Home

Description

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245

PUBLISHED Reserved 2025-06-02 | Published 2025-12-09 | Updated 2025-12-09 | Assigner yandex




HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/R:A

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

Any version before 2.245
affected

Credits

Egor Filatov, Positive Technologies finder

References

yandex.com/bugbounty/i/hall-of-fame-products

cve.org (CVE-2025-5469)

nvd.nist.gov (CVE-2025-5469)

Download JSON