CVE-2025-58400
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-05
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ratoc | raid_monitoring_manager | 2.00.09 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in RATOC RAID Monitoring Manager for Windows because it registers a Windows service with an unquoted file path. This flaw allows a user who has write permission on the root directory of the system drive to execute arbitrary code with SYSTEM privileges, effectively enabling privilege escalation through an unquoted search path issue. [1, 3]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local user with write access to the root directory of the system drive to execute arbitrary code with SYSTEM-level privileges. This means an attacker could gain full control over the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the RATOC RAID Monitoring Manager for Windows is installed with a vulnerable version prior to 2.00.09.250820. You can verify the installed software version by navigating through Start > Settings > Apps > Installed Apps and checking the version of "RATOC RAIDη£θ¦γγγΌγΈγ£γΌ." Additionally, detection involves verifying if the Windows service registered by the software has an unquoted file path, which is the root cause of the vulnerability. While specific commands are not provided in the resources, a common approach is to use PowerShell or command prompt to list services and check their executable paths for unquoted spaces, for example: `sc qc <service_name>` or `Get-WmiObject win32_service | select Name, PathName` and inspect the PathName for unquoted spaces. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the RATOC RAID Monitoring Manager software to version 2.00.09.250820 or later, which includes a fix for this vulnerability. Users should download the latest installer from the official RATOC software download page and run it to update the software. Confirm the update by verifying the software version shows 2.00.09.250820. This update modifies the installer to correct the unquoted service path issue, preventing privilege escalation. Until the update is applied, restrict write permissions on the root directory of the system drive to trusted users only to reduce risk. [1, 3]