Description
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
Published: 2025-07-15
Score: 8.5 High
EPSS: 8.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PSEvents.exe, the background component of several Panda Security products, runs at SYSTEM level and automatically loads DLL files from a directory that can be written by a normal user. The lack of path validation allows an attacker to drop a malicious DLL into that folder, causing the service to execute the code at full SYSTEM privileges. This elevation of privilege can result in arbitrary code execution with the highest available local rights.

Affected Systems

The vulnerability affects Panda Security Panda Antivirus Pro 2016, Panda Global Protection 2016, Panda Internet Security 2016, and Panda Small Business Protection—specifically all releases up to version 16.1.2. These products are used in many enterprise and small‑business environments.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, and the EPSS score of 8% indicates a higher exploitation probability. Although the vulnerability is not listed in the CISA KEV catalog, the low‑privileged user requirement means local attackers can achieve SYSTEM code execution by writing a DLL to the monitored directory. Based on the description, the likely attack vector is a local file‑write compromise that leads to DLL hijacking.

Generated by OpenCVE AI on May 11, 2026 at 17:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Panda Security to version 16.1.2 or later and apply the vendor’s DLL loading fix
  • Revoke write permissions on the PSEvents.exe monitored DLL directory for all non‑administrator accounts and limit access to SYSTEM only
  • If an update is not immediately possible, move the monitored directory to a non‑writable location and adjust PSEvents.exe configuration or temporarily disable DLL loading from user‑writable paths

Generated by OpenCVE AI on May 11, 2026 at 17:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21431 PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
History

Fri, 21 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Pandasecurity
Pandasecurity panda Antivirus Pro
Pandasecurity panda Global Protection 2016
Pandasecurity panda Internet Security 2014
CPEs cpe:2.3:a:pandasecurity:panda_antivirus_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:pandasecurity:panda_global_protection_2016:*:*:*:*:*:*:*:*
cpe:2.3:a:pandasecurity:panda_internet_security_2014:*:*:*:*:*:*:*:*
Vendors & Products Pandasecurity
Pandasecurity panda Antivirus Pro
Pandasecurity panda Global Protection 2016
Pandasecurity panda Internet Security 2014

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}

Tue, 15 Jul 2025 14:30:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 15 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 13:15:00 +0000

Type Values Removed Values Added
Description PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
Title Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
Weaknesses CWE-427
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pandasecurity Panda Antivirus Pro Panda Global Protection 2016 Panda Internet Security 2014
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T11:14:42.519Z

Reserved: 2025-04-15T19:15:22.560Z

Link: CVE-2025-34109

cve-icon Vulnrichment

Updated: 2025-07-15T13:37:10.250Z

cve-icon NVD

Status : Deferred

Published: 2025-07-15T13:15:30.683

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34109

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T17:30:15Z

Weaknesses