CVE-2025-8070
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: ASUSTOR, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | abp | 2.0.7.6130 |
| asustor | aes | 1.0.6.6133 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the Windows service configuration of ABP and AES. It occurs because the ImagePath registry value for the service is not enclosed in quotes, allowing a local attacker to place a malicious executable in a predictable location such as C:\Program.exe. When the service runs, it may execute this malicious file, enabling the attacker to run arbitrary code. If the service runs with elevated privileges, this can lead to privilege escalation to the SYSTEM level.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to execute arbitrary code on the affected system. If exploited, it can lead to privilege escalation, granting the attacker SYSTEM-level access, which is the highest level of privilege on a Windows system. This can result in full control over the affected machine, potentially compromising data, system integrity, and security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unquoted service paths in the Windows registry for the affected services (ABP and AES). A common method is to query the ImagePath registry value of the service and look for unquoted paths containing spaces. For example, you can use the following command in an elevated command prompt or PowerShell to list services with unquoted paths: PowerShell: Get-WmiObject win32_service | Where-Object { $_.PathName -match ' ' -and $_.PathName -notmatch '"' } | Select-Object Name, PathName This command lists services whose executable paths contain spaces but are not enclosed in quotes, which indicates potential vulnerability to unquoted service path issues.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted ImagePath registry values by enclosing the executable paths in double quotes to prevent execution of malicious files placed in predictable locations. Additionally, ensure that only trusted users have local access to the system to reduce the risk of local exploitation. Applying updates or patches from the vendor that address this vulnerability is also recommended once available.