SB2026011550 - Multiple vulnerabilities in RealDefense SUPERAntiSpyware
Published: January 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Exposed dangerous method or function (CVE-ID: CVE-2025-14494)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
2) Exposed dangerous method or function (CVE-ID: CVE-2025-14492)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
3) Exposed dangerous method or function (CVE-ID: CVE-2025-14496)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
4) Exposed dangerous method or function (CVE-ID: CVE-2025-14493)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
5) Exposed dangerous method or function (CVE-ID: CVE-2025-14495)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
6) Exposed dangerous method or function (CVE-ID: CVE-2025-14497)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
7) Exposed dangerous method or function (CVE-ID: CVE-2025-14488)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
8) Exposed dangerous method or function (CVE-ID: CVE-2025-14490)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
9) Exposed dangerous method or function (CVE-ID: CVE-2025-14489)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
10) Exposed dangerous method or function (CVE-ID: CVE-2025-14491)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://www.zerodayinitiative.com/advisories/ZDI-25-1163/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1172/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1171/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1170/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1169/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1168/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1167/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1166/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1165/
- https://www.zerodayinitiative.com/advisories/ZDI-25-1164/