CVEs reported for CIS 2025 - 12.3.4.8162

From: Comodo Internet Security 2025 Flaws Allow Remote Code Execution With SYSTEM Privileges

| CVE ID | Vulnerability Type | CVSS Score | Attack Vector | Impact |
|---|---|---|---|---|
| CVE-2025-7095 | Improper Certificate Validation | 3.7 | Network | RCE, MITM |
| CVE-2025-7098 | Path Traversal in File Handler | 5.6 | Network | Arbitrary Write |
| CVE-2024-7251 | Local Privilege Escalation | 7.8 | Local | SYSTEM Exec |
3 Likes

The business has gotten very dangerous; when I was reading this site, the type of attack was impressive. :grimacing:

And how would the COMODO development team comment on this? This is very serious, and what are they going to do?

1 Like

@cruelsister, this is way beyond my technical knowledge. Do you have any thoughts about this?

3 Likes

Really no need to freak over these. The 2nd (CVE-2025-7098) is very difficult and convoluted to employ, so it is theoretical at best.

The other 2 presuppose that the attacker ALREADY has control of either the local system (the ability to execute low-privileged code), the connected network, or both in order to do any damage. Give me control of your system and I assure you I can do things to truly darken your day…

11 Likes

Thanks for your expertise :smiley:

3 Likes

Greetings, cruel sister. And thank you for your explanation!!

1 Like

Following the report related to the topic, on the principle of action of a .bat file:

Knowing that Comodo places all .bat files in a sandbox,
so, apart from forcing execution by the user himself…
In short…

2 Likes

dmknght actually reported a problem a while ago with COMODO updates which would cause code execution.

1 Like

Dear “Xylentantivirus”, unlike “cruel sister”, do you think that it is dangerous? Still, we need to find out what the reaction of the Xcitium and COMODO developers is.

Despite all this, the security flaw exists and has not been fixed.
It will always be exploited by someone.

1 Like

Dear New_Style_xd, I agree with you, and it is important to find out what the reaction of the Xcitium and COMODO developers is.

1 Like

Guys, please understand that these vulnerabilities are what is termed a two-step attack, where the attacker needs to first gain root access through another vulnerability before they can exploit the system.

These CVEs are NOT “run this file and be compromised” exploits (also, Comodo would alert to any prior privilege elevation requests, thereby stopping Step 1).

5 Likes

Dear cruel sister, now you have explained everything clearly, thank you again!!!

dmknght, the finder of these CVEs, said (he can’t get the registration mail):

  1. It’s an in-LAN remote attack surface. It’s not like a snap and somebody over the internet will magically exploit the victim. But in a LAN, yeah. If the user doesn’t enable any anti-ARP-attack protection, it’s a snap and boom.

  2. In fact, CVE-2025-7097 is the worst of them all. It executes system commands remotely via Comodo’s service. Full remote control of the system with maximum privilege. Also, it’s a child process of Comodo services. Anybody could argue that Comodo could detect and prevent malicious payloads. In my POC, there was no detection (yes, I bypassed them all. Even the path traversal ran the privilege escalation module and some others like hashdump just fine).

2 Likes

Dear ZorKas and cruel sister, thank you once again for your reasonable and understandable answers. I completely trust you. But I don’t like that the COMODO development team, knowing about this (they were informed about it), didn’t react to it in any way.

1 Like

I think the same as you, but as usual I believe that nothing will be done about these flaws and the others that were listed in the other topic more than a year ago.

1 Like

Dear cruel sister. I really apologize for my persistence, but there is another vulnerability, as quoted by “Xylentantivirus”:

In fact, CVE-2025-7097 is the worst of them. It executes system commands remotely using the Comodo service. Full remote control of the system with maximum privileges. It is also a child process of Comodo services. Anyone can argue that Comodo can detect and prevent malicious payloads. There was no detection in my POC (yes, I bypassed them all. Even path traversal ran the privilege escalation module and some others, like hashdump, without problems).

1 Like

I have been using COMODO since the very first versions, for a very long time, and this is my only protection, and AV COMODO has never let me down, but I am very confused by all this stuff about COMODO vulnerabilities. Once again, I ask you to forgive me for this weakness.

1 Like

You’re absolutely right, there are several unsolved open KEYS from COMODO that can be exploited.

As you mentioned, your POC is one of them.