CVE-2025-12247
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12247
EUVD
EUVD-2025-36136
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
hasleo backup_suite 5.1
hasleo backup_suite 5.0
hasleo backup_suite 5.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12247 is an unquoted search path vulnerability in Hasleo Backup Suite version 5.2, affecting the HasleoBackupSuiteService and HasleoImageMountService Windows services. The services have ImagePath entries with spaces that are not enclosed in quotes. This causes the Windows service loader to misinterpret the path by splitting it at spaces and searching for executables in earlier path segments such as 'C:\Program.exe' or 'C:\Program Files\Hasleo\Hasleo.exe'. If a non-privileged local user can write a malicious executable to these locations, it will be executed with the service's LocalSystem privileges when the service starts or restarts, leading to local privilege escalation and potential full system compromise. [1, 2]

Impact Analysis

This vulnerability can allow a local attacker with limited privileges to escalate their privileges to LocalSystem by placing a malicious executable in a path segment that the service loader mistakenly executes. This can lead to full system compromise, allowing the attacker to gain control over the affected system and perform unauthorized actions with high privileges. [1, 2]

Detection Guidance

You can detect this vulnerability by checking the ImagePath of the HasleoBackupSuiteService and HasleoImageMountService Windows services for unquoted paths containing spaces. Specifically, look for paths like: C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupService.exe and C:\Program Files\Hasleo\Hasleo Backup Suite\bin\ImageMountService.exe that are not enclosed in quotes. On a Windows system, you can use the following commands in an elevated command prompt or PowerShell to check the service ImagePath values: 1. Using sc.exe: sc qc HasleoBackupSuiteService sc qc HasleoImageMountService 2. Using PowerShell: Get-WmiObject win32_service | Where-Object { $_.Name -match 'Hasleo' } | Select-Object Name, PathName If the PathName values are unquoted and contain spaces, the system is vulnerable to this unquoted search path issue. [1, 2]

Mitigation Strategies

Immediate mitigation steps include: 1. Enclose the ImagePath of the affected services (HasleoBackupSuiteService and HasleoImageMountService) in quotation marks to prevent the Windows service loader from misinterpreting the path. 2. Tighten Access Control Lists (ACLs) on the directories and files involved, especially on the parent directories and any earlier path segments like C:\Program Files\Hasleo and C:\Program Files to prevent non-privileged users from writing malicious executables. 3. Avoid running these services with LocalSystem privileges unless absolutely necessary. 4. Upgrade the Hasleo Backup Suite to a version where this issue is fixed, if available. These steps reduce the risk of local privilege escalation via this unquoted search path vulnerability. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart