{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2019-25268", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-06T16:07:08.525Z", "datePublished": "2026-01-07T23:09:58.121Z", "dateUpdated": "2026-01-08T19:26:09.416Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-01-07T23:09:58.121Z" }, "datePublic": "2019-03-09T00:00:00.000Z", "title": "NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution", "descriptions": [ { "lang": "en", "value": "NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Uncontrolled Search Path Element", "cweId": "CWE-427", "type": "CWE" } ] } ], "affected": [ { "vendor": "NREL", "product": "BEopt", "versions": [ { "version": "2.8.0.0", "status": "affected" }, { "version": "2.7.0.0", "status": "affected" }, { "version": "2.6.0.1", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php", "name": "Zero Science Lab Vulnerability Advisory", "tags": [ "third-party-advisory" ] }, { "url": "https://packetstormsecurity.com/files/152043", "name": "Packet Storm Security Exploit Entry", "tags": [ "exploit" ] }, { "url": "https://cxsecurity.com/issue/WLB-2019030108", "name": "CXSecurity Vulnerability Listing", "tags": [ "third-party-advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158065", "name": "IBM X-Force Vulnerability Exchange", "tags": [ "vdb-entry" ] }, { "url": "https://web.archive.org/web/20190915095657/https://beopt.nrel.gov/", "name": "BEopt Product Homepage", "tags": [ "product" ] } ], "credits": [ { "lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-08T19:26:03.084975Z", "id": "CVE-2019-25268", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T19:26:09.416Z" } } ] } }