
JVNDB-2025-000107

Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries

Overview

The installer of RakurakuMusen Start EX for Windows, provided by NEC Corporation, uses an inappropriate DLL search path list, which may lead to insecure loading of Dynamic Link Libraries.
  • Uncontrolled search path element (CWE-427) - CVE-2025-12852
CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


NEC Corporation
  • rakuraku.wlanstart.ex for Windows all versions

*This product is a tool for Windows XP/Vista/7/8/10.
Impact

Arbitrary code may be executed with the privileges of the user invoking the installer.
Solution

[Stop using the tool]
The developer states that the affected tool is no longer supported and recommends that it no longer be used.
Refer to the information provided by the developer for details.
Vendor Information

NEC Corporation
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2025-12852
References

  1. JVN : JVN#50288352
  2. JVN : Japan Vulnerability Notes JVNTA#91240916
Revision History

  • [2025/11/19]
      Web page was published