SB2026011550 - Multiple vulnerabilities in RealDefense SUPERAntiSpyware



SB2026011550 - Multiple vulnerabilities in RealDefense SUPERAntiSpyware

Published: January 15, 2026

Security Bulletin ID SB2026011550
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 vulnerabilities.


1) Exposed dangerous method or function (CVE-ID: CVE-2025-14494)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


2) Exposed dangerous method or function (CVE-ID: CVE-2025-14492)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


3) Exposed dangerous method or function (CVE-ID: CVE-2025-14496)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


4) Exposed dangerous method or function (CVE-ID: CVE-2025-14493)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


5) Exposed dangerous method or function (CVE-ID: CVE-2025-14495)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


6) Exposed dangerous method or function (CVE-ID: CVE-2025-14497)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


7) Exposed dangerous method or function (CVE-ID: CVE-2025-14488)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


8) Exposed dangerous method or function (CVE-ID: CVE-2025-14490)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


9) Exposed dangerous method or function (CVE-ID: CVE-2025-14489)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


10) Exposed dangerous method or function (CVE-ID: CVE-2025-14491)

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the exposure of a dangerous function within the SAS Core Service. A local user can execute arbitrary code on the system with elevated privileges.


Remediation

Install update from vendor's website.