CVE-2025-13433
Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path
Description
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
INFO
Published Date :
Nov. 20, 2025, 12:32 a.m.
Last Modified :
Nov. 20, 2025, 12:32 a.m.
Remotely Exploit :
No
Source :
VulDB
Affected Products
The following products are affected by CVE-2025-13433
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update MuseHub to a patched version.
- Configure Windows Service for secure path.
- Remove unnecessary write permissions.
- Implement secure coding practices.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-13433 vulnerability anywhere in the article.