Inno Setup: Malicious DLL Can Take Over Privileged Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.7

Inno Setup: Malicious DLL Can Take Over Privileged Access

CVE-2025-15595

Summary

Older versions of Inno Setup are vulnerable to a type of attack where a malicious DLL can be injected, allowing unauthorized access to sensitive system settings and potentially taking control of the system. This affects systems that use Inno Setup to install software. Users of affected versions should update to the latest version of Inno Setup to protect their systems.

Original title

Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions.

Original description

Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions.

nvd CVSS4.0 5.7

Vulnerability type

CWE-1390

https://jrsoftware.org/files/is6.2-whatsnew.htm

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026