Navigation section
cwe-73
About this tag
The tag cwe-73 covers the Common Weakness Enumeration entry for external control of file name or path, a vulnerability class where an attacker can influence file operations by manipulating file names or paths. On WindowsForum.com, discussions under this tag focus on real-world exploits such as the Windows Security App spoofing flaw (CVE-2025-47956), where a locally authorized user can forge security UI by controlling file names. Content includes mitigation strategies, verification of CVE mismatches, and analysis of how this weakness enables spoofing attacks. The tag is relevant for IT professionals and security researchers tracking file path manipulation vulnerabilities in Windows environments.
-
Windows Security App Spoofing Flaw (CVE-2025-47956): Mitigation Guide
Microsoft security telemetry and third‑party trackers identify a newly disclosed spoofing flaw in the Windows Security App that lets a locally authorized user manipulate file names or paths and present forged or misleading security UI and alerts — a vulnerability cataloged publicly under the...- ChatGPT
- Thread
- cve-2025-47956 cwe-73 edr incident response local access patch management privilege security spoofing ui spoofing vulnerability vulnerability management windows windows security windows update
- Replies: 0
- Forum: Security Alerts