CVE-2025-59307
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| century | raid_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Century Corporation's RAID Manager, which registers a Windows service with an unquoted file path. Because of this, a user who has write permission on the root directory of the system drive can exploit the unquoted path to execute arbitrary code with SYSTEM privileges, effectively gaining high-level control over the system. [2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with write access to the root directory of the system drive to execute arbitrary code with SYSTEM privileges. This means the attacker can perform any action on the system with the highest level of permissions, potentially leading to full system compromise, unauthorized administrative control, and execution of malicious software. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an unquoted service path in the Windows service registered by RAID Manager. To detect it, you can check for unquoted service paths using PowerShell or command line. For example, run the command: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"*' } | Select-Object Name, PathName to find services with unquoted paths. Alternatively, use sc qc <ServiceName> to query the service configuration and inspect the ImagePath for unquoted spaces. Detecting write permissions on the root directory of the system drive for non-administrative users is also relevant. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include uninstalling the existing vulnerable RAID Manager version and installing the updated fixed version released by Century Corporation. The uninstallation involves removing "Century HW RAID Manager" via Windows settings, running the provided batch file "CRIB_Del.bat" with administrator privileges to delete residual files, and then installing the new RAID Manager version. Additionally, ensure that write permissions on the root directory of the system drive are restricted to trusted users only to prevent exploitation. [1, 2]