CVE-2025-50892
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-10-20
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easeus | eudskacs.sys_driver | 20250328 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the eudskacs.sys driver version 20250328, part of EaseUS Todo Backup 1.2.0.1. The driver does not properly check user privileges for certain input/output requests (IRP_MJ_READ and IRP_MJ_WRITE) to its device object. Because of this, a local attacker with low privileges can perform arbitrary raw disk reads and writes, which normally require higher privileges. [1]
How can this vulnerability impact me?
An attacker exploiting this vulnerability can read and write raw disk data arbitrarily. This can lead to disclosure of sensitive information such as critical system files (including the SAM and SYSTEM registry hives), denial of service through corruption of data or system state, or privilege escalation on the affected system, potentially giving the attacker full control. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable eudskacs.sys driver version 20250328 installed on the system. Since the vulnerability involves improper privilege validation for I/O requests to the device object of this driver, detection involves verifying the driver version and its loaded status. Specific commands to detect the driver include using system tools to list loaded drivers, such as 'sc query eudskacs' or 'driverquery' on Windows systems. Additionally, checking the driver file version in the system drivers directory can help confirm if the vulnerable version is present. [1]
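The check described above, as an added PowerShell example that is not part of the original entry or any vendor tooling. It assumes the service name `eudskacs` (taken from the `sc query eudskacs` command above) and the standard `System32\drivers` location; because the entry does not say how version 20250328 maps to file metadata, the script reports version, timestamp, signer and hash for manual comparison.

```powershell
# Added example: inventory check for the eudskacs.sys driver named in this entry.
# Assumption: the driver is registered under the service name 'eudskacs'.
$serviceName = 'eudskacs'

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver can report NT-style paths; normalise to a Win32 path.
    $p = $PathName.Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\?SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^system32\\')       { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# 1. Is the driver registered as a kernel service, and is it running?
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$serviceName'"

# 2. Collect candidate file locations: the registered image path plus the
#    default drivers directory (assumed location, in case the service is gone).
$candidates = @()
if ($drv -and $drv.PathName) { $candidates += Resolve-DriverPath $drv.PathName }
$candidates += Join-Path $env:SystemRoot 'System32\drivers\eudskacs.sys'
$found = @($candidates | Sort-Object -Unique | Where-Object { Test-Path -LiteralPath $_ })

if (-not $drv -and $found.Count -eq 0) {
    Write-Output 'eudskacs: no service entry and no driver file found.'
    return
}
if ($drv -and $found.Count -eq 0) {
    Write-Output "eudskacs: service registered (state $($drv.State)) but image file not found."
    return
}

# 3. Report the metadata needed to compare against the affected build.
foreach ($path in $found) {
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path         = $path
        ServiceState = if ($drv) { $drv.State } else { 'not registered' }
        StartMode    = if ($drv) { $drv.StartMode } else { $null }
        FileVersion  = $file.VersionInfo.FileVersion
        LastWriteUtc = $file.LastWriteTimeUtc
        Signer       = $sig.SignerCertificate.Subject
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
```

A `ServiceState` of `Running` means the driver is currently loaded; a file that is present but not registered can still be loaded later by a reinstall or a service re-creation, so both cases belong in the inventory.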
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the vulnerable eudskacs.sys driver version 20250328 from the system, or upgrading EaseUS Todo Backup to a version that does not include this vulnerable driver. Restricting local user access to prevent exploitation and monitoring for suspicious activity related to raw disk reads and writes can also help mitigate risk until a patch or update is applied. [1]