cvedb.io
CVE-2025-63685
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-11-20T21:16:06.370 · Last modified 2026-06-17T09:53:22.367

Summary

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program.

Affected products

quark — quark_cloud_drive

Does this affect you?

Add your gear to cvedb and we'll alert you only when quark ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.