CVE-2025-9000
BaseFortify
Publication date: 2025-08-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mechrevo | control_center_gx_v2 | 5.56.51.48 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mechrevo Control Center GX V2 5.56.51.48 involves insecure handling of .reg (registry) files by the installer, which runs with elevated system privileges. The installer does not validate the integrity or authenticity of these .reg files, allowing an attacker with write access to modify them and inject malicious registry entries or commands. This can lead to privilege escalation, persistent backdoors, or arbitrary code execution with SYSTEM-level privileges. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to escalate their privileges to the highest system level (NT AUTHORITY\SYSTEM), execute arbitrary code, and establish persistent backdoors on the affected system. This can compromise the entire system's security and integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for unauthorized or suspicious modifications to .reg files used by the Mechrevo Control Center GX installer, as these files are not validated and can be manipulated. On the local system, you can monitor changes to .reg files in the installation directories or related paths. Commands such as 'Get-ChildItem -Path <path_to_reg_files> -Filter *.reg -Recurse | Get-FileHash' in PowerShell can help identify unexpected changes by comparing file hashes over time. Additionally, reviewing Windows Event Logs for unusual registry modifications or installer activity running with elevated privileges may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting write permissions to the .reg files used by the Mechrevo Control Center GX installer to prevent unauthorized modification. Ensure that only trusted administrators have access to these files. Additionally, monitor and audit registry changes and installer activities with elevated privileges. Applying any available patches or updates from the vendor that address this vulnerability is also recommended once released. As a temporary measure, consider limiting the use of the vulnerable installer or running it in a controlled environment to reduce risk. [1]