Greenshot Local Code-Execution Vulnerability (CVE-2025-59050) — CyberDudeBivash Alert By CyberDudeBivash (Bivash Kumar Nayak)
cyberdudebivash.com | cyberbivash.blogspot.com | cryptobivash.code.blog Publish Date: 18-09-2025 Summary Vulnerability ID: CVE-2025-59050 Affected Software: Greenshot ≤ version 1.3.300 (including GUI and any installed application using Greenshot.exe ) Vulnerability Type: Insecure deserialization via WM_COPYDATA IPC message handler Impact: Local arbitrary code execution (RCE) at user level; attacker needs a local process, but exploit is relatively simple Current Status: Proof-of-Concept (PoC) released; patched in version 1.3.301 What You Need to Know The vulnerability allows a local process (which could be user-owned or via a compromised app) to send a crafted WM_COPYDATA message containing serialized .NET data, deserialized by Greenshot using BinaryFormatter.Deserialize without validation . This can be used to execute attacker-controlled code. Many organizations use Greenshot (screenshot & annotation utility) as a lightweight tool. I...