splashtop CVE Vulnerabilities & Metrics

Focus on splashtop vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About splashtop Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with splashtop. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total splashtop CVEs: 6
Earliest CVE date: 21 May 2020, 17:15 UTC
Latest CVE date: 28 Jul 2024, 03:15 UTC

Latest CVE reference: CVE-2024-42052

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical splashtop CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.65

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 1
7.0-8.9 3
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS splashtop CVEs

These are the five CVEs with the highest CVSS scores for splashtop, sorted by severity first and recency.

All CVEs for splashtop

CVE-2024-42052 splashtop vulnerability CVSS: 0 28 Jul 2024, 03:15 UTC

The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.

CVE-2023-3181 splashtop vulnerability CVSS: 0 25 Jan 2024, 16:15 UTC

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

CVE-2021-42714 splashtop vulnerability CVSS: 7.2 15 Feb 2022, 19:15 UTC

Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-42713 splashtop vulnerability CVSS: 7.2 15 Feb 2022, 19:15 UTC

Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-42712 splashtop vulnerability CVSS: 7.2 15 Feb 2022, 14:15 UTC

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2020-12431 splashtop vulnerability CVSS: 6.3 21 May 2020, 17:15 UTC

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).