Home

Description

Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275.

PUBLISHED Reserved 2025-06-02 | Published 2025-12-09 | Updated 2025-12-09 | Assigner yandex




HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/R:A/U:Amber

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

Any version before 3.2.45.3275
affected

Credits

Egor Filatov, Positive Technologies finder

References

yandex.com/bugbounty/i/hall-of-fame-products

cve.org (CVE-2025-5470)

nvd.nist.gov (CVE-2025-5470)

Download JSON