CVE-2024-12251

HIGH 7.8

Improper neutralization special element in hyperlinks

CVSS Score

7.8

EPSS Score

0.1%

EPSS Percentile

33th

In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

CWE	CWE-77
Vendor	progress software
Product	telerik ui for winui
Published	Feb 12, 2025
Last Updated	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for progress software telerik ui for winui

Be the first to know when new high vulnerabilities affecting progress software telerik ui for winui are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Progress Software / Telerik UI for WinUI

2.0.0 < 3.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.telerik.com: https://docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251