Security readout for executives and security teams
Plain-English summary
CVE-2025-60749 is a high-severity DLL hijacking issue in Trimble SketchUp desktop 2025. A local authenticated attacker could potentially cause SketchUp’s web helper process to load a malicious libcef.dll, leading to code execution with serious confidentiality, integrity, and availability impact.
Executive priority
Treat as a high-priority workstation risk for environments using SketchUp 2025. Prioritize inventory and vendor update checks, especially on shared or developer workstations where local file-write opportunities are more common.
Technical view
The CVE describes CWE-427: uncontrolled search path element. The affected component is sketchup_webhelper.exe loading a crafted libcef.dll in SketchUp desktop 2025. CVSS 3.1 is 7.8: local attack vector, low complexity, low privileges required, no user interaction, and high C/I/A impact.
Likely exposure
Exposure is most likely on Windows endpoints running Trimble SketchUp desktop 2025. The provided CVE data does not include precise affected versions, CPEs, vulnerable paths, or fixed build numbers.
Exploitation context
No active exploitation is stated in the provided sources, and the CVE is not marked KEV. Exploitation requires local privileges and depends on DLL search path or file placement conditions around SketchUp’s web helper process.
Researcher notes
Evidence is limited to the CVE description, CVSS vector, CWE classification, and referenced public pages. The provided data does not name fixed builds, exact vulnerable file locations, or confirmed exploitation in the wild.
Mitigation direction
Check Trimble SketchUp guidance for fixed versions or vendor-recommended mitigations.
Update SketchUp desktop 2025 if a corrected release is available.
Restrict write access to SketchUp installation and application directories.
Monitor for unexpected libcef.dll files near SketchUp components.
Use endpoint controls to block untrusted DLL loading where feasible.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-427: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
3Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: noTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-427 · source CWE mapping
Uncontrolled Search Path Element
Uncontrolled Search Path Element represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.