CVE-2025-59307
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-17

Assigner: JPCERT/CC

Description
RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-17
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59307
EUVD
EUVD-2025-29685
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
century raid_manager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Century Corporation's RAID Manager, which registers a Windows service with an unquoted file path. Because of this, a user who has write permission on the root directory of the system drive can exploit the unquoted path to execute arbitrary code with SYSTEM privileges, effectively gaining high-level control over the system. [2]

Impact Analysis

If exploited, this vulnerability allows an attacker with write access to the root directory of the system drive to execute arbitrary code with SYSTEM privileges. This means the attacker can perform any action on the system with the highest level of permissions, potentially leading to full system compromise, unauthorized administrative control, and execution of malicious software. [1, 2]

Detection Guidance

This vulnerability involves an unquoted service path in the Windows service registered by RAID Manager. To detect it, you can check for unquoted service paths using PowerShell or command line. For example, run the command: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"*' } | Select-Object Name, PathName to find services with unquoted paths. Alternatively, use sc qc <ServiceName> to query the service configuration and inspect the ImagePath for unquoted spaces. Detecting write permissions on the root directory of the system drive for non-administrative users is also relevant. [2]

Mitigation Strategies

Immediate mitigation steps include uninstalling the existing vulnerable RAID Manager version and installing the updated fixed version released by Century Corporation. The uninstallation involves removing "Century HW RAID Manager" via Windows settings, running the provided batch file "CRIB_Del.bat" with administrator privileges to delete residual files, and then installing the new RAID Manager version. Additionally, ensure that write permissions on the root directory of the system drive are restricted to trusted users only to prevent exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59307. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart