RSEC200965: Uncontrolled Search Path Element (CVE-2025-69599)

Advisory ID: RSEC200965

CVE Identifier: CVE-2025-69599

Affected products: RayVentory Scan Engine 12.6 Update 8 and previous versions.

Description

The RayVentory Inventory Agent (rvia) was vulnerable to PATH injection and library injection because it located external executables and dependencies through uncontrolled search paths. The agent resolved helper executables through the PATH variable of the environment it inherited, without validating the result, so an attacker who could influence that environment, or write to a directory on the search path, could force the agent to execute a malicious binary in place of the intended utility.

Technical Details

  • Vulnerability Type: CWE-427 (Uncontrolled Search Path Element)
  • Attack Vector: Local
  • Impact: Arbitrary Code Execution (ACE)
  • Mechanism: The agent invoked helper utilities (e.g., curl) by bare name rather than by absolute path, so the operating system resolved them through the directories listed in PATH. An attacker able to write to any such directory, or to prepend one to the PATH the agent inherits, could substitute a malicious binary that then ran with the agent's privileges. The bundled curl utility widened the exposure in the same way: it has external binary dependencies of its own, and its dynamic libraries are located through a loader search path that the environment can also influence.

Severity

  • Rating: Critical
  • CVSS Base Score: [Pending]

Remediation

  • Fixed Version: RayVentory Scan Engine 12.6.3800.131 Update 9 (Released Feb 4, 2026)
  • Changes: All utilities are now resolved by absolute path, and the environment is sanitized before any child process is started.
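As an added illustration (not code from RayVentory or Raynet), the following Python contrasts the pattern described under Mechanism with the remediation described under Changes: a helper resolved by bare name through an inherited PATH, against resolution from a fixed list of trusted directories plus a sanitized child environment. The trusted directory list, the environment allowlist, the fake curl, and the hostile PATH and LD_PRELOAD values are all constructed for the demo and are assumptions, not details from the advisory.

```python
import os
import shutil
import stat
import subprocess
import tempfile

# Constructed demo, not RayVentory code. The directory list and the
# environment allowlist below are assumptions chosen for illustration.
TRUSTED_DIRS = ("/usr/bin", "/bin")          # only these may supply a helper binary
ALLOWED_ENV_KEYS = ("LANG", "LC_ALL", "TZ")  # everything else is dropped


def plant_fake_curl(directory):
    """Attacker step: drop an executable named 'curl' into a writable directory."""
    path = os.path.join(directory, "curl")
    with open(path, "w") as f:
        f.write("#!/bin/sh\necho ATTACKER-CONTROLLED\n")
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR | stat.S_IRUSR)
    return path


def vulnerable_lookup(name, env):
    """CWE-427 pattern: resolve a bare utility name through the inherited PATH.
    Whichever matching directory comes first wins, attacker-controlled or not."""
    return shutil.which(name, path=env.get("PATH", ""))


def hardened_lookup(name, trusted_dirs=TRUSTED_DIRS):
    """Resolve a bare name only against a fixed list of trusted directories.
    PATH is never consulted; the hit must be a regular, non-world-writable file."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("utility name must be a bare file name")
    for directory in trusted_dirs:
        candidate = os.path.join(directory, name)
        if not os.path.isfile(candidate) or not os.access(candidate, os.X_OK):
            continue
        if os.stat(candidate).st_mode & stat.S_IWOTH:
            raise PermissionError(f"{candidate} is world-writable; refusing to use it")
        return candidate
    raise FileNotFoundError(f"{name} not found in trusted directories")


def sanitized_env(parent_env, trusted_dirs=TRUSTED_DIRS):
    """Build a minimal child environment: keep only allowlisted keys and pin PATH.
    Loader variables such as LD_PRELOAD / LD_LIBRARY_PATH are dropped as a result."""
    env = {k: v for k, v in parent_env.items() if k in ALLOWED_ENV_KEYS}
    env["PATH"] = os.pathsep.join(trusted_dirs)
    return env


def run_helper(name, args, parent_env):
    """Hardened launch: absolute path from the trusted list, sanitized environment."""
    exe = hardened_lookup(name)
    env = sanitized_env(parent_env)
    return subprocess.run([exe, *args], env=env, capture_output=True,
                          text=True, check=True).stdout


def demo():
    """Show both resolutions side by side under an attacker-shaped environment."""
    with tempfile.TemporaryDirectory() as attacker_dir:
        plant_fake_curl(attacker_dir)
        hostile = dict(os.environ)
        hostile["PATH"] = attacker_dir + os.pathsep + hostile.get("PATH", "")
        hostile["LD_PRELOAD"] = "/tmp/evil.so"   # constructed library-injection attempt
        vulnerable = vulnerable_lookup("curl", hostile)
        try:
            hardened = hardened_lookup("curl")
        except FileNotFoundError:
            hardened = None                      # no real curl on this host; still safe
        return {
            "attacker_dir": attacker_dir,
            "vulnerable": vulnerable,            # resolves into attacker_dir
            "hardened": hardened,                # never resolves into attacker_dir
            "child_env": sanitized_env(hostile), # no LD_PRELOAD, PATH pinned
        }


if __name__ == "__main__":
    result = demo()
    print("vulnerable resolution:", result["vulnerable"])
    print("hardened resolution:  ", result["hardened"])
    print("child environment:    ", result["child_env"])
```

Run it directly to see the two resolutions side by side. The hardened resolver also refuses a world-writable hit and any name containing a path separator; on Windows the analogous exposure is the DLL search order and the per-process PATH, and the same approach (fixed absolute locations, minimal environment) applies.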

Credits

Vulnerability identified by Rafael José Núñez Gulías of WSG127.

Global Timeline

  • Validation: January 16, 2026
  • Patch Development: January 29, 2026
  • Public Release: February 4, 2026

More information

For more information, refer to the Changelog (https://docs.raynet.de/rayventory/scan-engine/12.6-u9/Changelog.pdf).
