CVE-2025-12247
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hasleo | backup_suite | 5.1 |
| hasleo | backup_suite | 5.0 |
| hasleo | backup_suite | 5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12247 is an unquoted search path vulnerability in Hasleo Backup Suite version 5.2, affecting the HasleoBackupSuiteService and HasleoImageMountService Windows services. The services have ImagePath entries with spaces that are not enclosed in quotes. This causes the Windows service loader to misinterpret the path by splitting it at spaces and searching for executables in earlier path segments such as 'C:\Program.exe' or 'C:\Program Files\Hasleo\Hasleo.exe'. If a non-privileged local user can write a malicious executable to these locations, it will be executed with the service's LocalSystem privileges when the service starts or restarts, leading to local privilege escalation and potential full system compromise. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow a local attacker with limited privileges to escalate their privileges to LocalSystem by placing a malicious executable in a path segment that the service loader mistakenly executes. This can lead to full system compromise, allowing the attacker to gain control over the affected system and perform unauthorized actions with high privileges. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the ImagePath of the HasleoBackupSuiteService and HasleoImageMountService Windows services for unquoted paths containing spaces. Specifically, look for paths like C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupService.exe and C:\Program Files\Hasleo\Hasleo Backup Suite\bin\ImageMountService.exe that are not enclosed in quotes. On a Windows system, you can use the following commands in an elevated command prompt or PowerShell to check the service ImagePath values:
1. Using sc.exe:
   sc qc HasleoBackupSuiteService
   sc qc HasleoImageMountService
2. Using PowerShell:
   Get-WmiObject win32_service | Where-Object { $_.Name -match 'Hasleo' } | Select-Object Name, PathName
If the PathName values are unquoted and contain spaces, the system is vulnerable to this unquoted search path issue. [1, 2]
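The one-liner above only lists the PathName values; the added script below (written for this page, not taken from BaseFortify or Hasleo) goes a step further and applies the CWE-428 condition to every service on the host, not only the two Hasleo services: it flags each service whose ImagePath is unquoted and has a space in the executable portion, reports the account it runs as, and lists the intermediate executables the Windows service loader would probe first (such as C:\Program.exe and C:\Program Files\Hasleo\Hasleo.exe for the path discussed above). The function name and the assumption that the executable ends in ".exe" are this example's own.

```powershell
# Added example, not from the BaseFortify page or from Hasleo.
# Reports services whose ImagePath is unquoted and contains a space (CWE-428).
# Run from an elevated PowerShell session.

function Get-UnquotedServicePath {
    [CmdletBinding()]
    param(
        # Optional regex on the service name; default reports every service.
        [string]$NamePattern = '.*'
    )

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -match $NamePattern -and $_.PathName } |
        ForEach-Object {
            $path = $_.PathName.Trim()

            # A path that starts with a double quote is already safe; skip it.
            if ($path.StartsWith('"')) { return }

            # Drop trailing arguments: keep everything up to and including ".exe"
            # (assumption of this example: the service binary is an .exe).
            $exeIndex = $path.IndexOf('.exe', [System.StringComparison]::OrdinalIgnoreCase)
            $exePath  = if ($exeIndex -ge 0) { $path.Substring(0, $exeIndex + 4) } else { $path }

            # Without a space in the executable path there is no ambiguity.
            if ($exePath -notmatch ' ') { return }

            # Candidate executables the loader would try, left to right, before
            # the real one: each prefix up to a space, with ".exe" appended.
            $candidates = @()
            $idx = $exePath.IndexOf(' ')
            while ($idx -ge 0) {
                $candidates += $exePath.Substring(0, $idx) + '.exe'
                $idx = $exePath.IndexOf(' ', $idx + 1)
            }

            [pscustomobject]@{
                Service    = $_.Name
                StartName  = $_.StartName     # e.g. LocalSystem
                StartMode  = $_.StartMode
                ImagePath  = $path
                Candidates = $candidates -join '; '
            }
        }
}

# The two services named in the advisory, then the whole host.
Get-UnquotedServicePath -NamePattern '^Hasleo(BackupSuite|ImageMount)Service$' | Format-List
Get-UnquotedServicePath | Format-Table -AutoSize
```

Any row whose StartName is LocalSystem is the case the advisory describes; the Candidates column tells you which parent directories' write permissions matter for the ACL check in the mitigation steps. Services that are already quoted are skipped, so an empty result for the Hasleo pattern means the ImagePath has been corrected.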
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1. Enclose the ImagePath of the affected services (HasleoBackupSuiteService and HasleoImageMountService) in quotation marks to prevent the Windows service loader from misinterpreting the path.
2. Tighten Access Control Lists (ACLs) on the directories and files involved, especially on the parent directories and any earlier path segments like C:\Program Files\Hasleo and C:\Program Files to prevent non-privileged users from writing malicious executables.
3. Avoid running these services with LocalSystem privileges unless absolutely necessary.
4. Upgrade the Hasleo Backup Suite to a version where this issue is fixed, if available.
These steps reduce the risk of local privilege escalation via this unquoted search path vulnerability. [1, 2]
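Step 1 above can be applied directly in the registry. The added function below (written for this page, not Hasleo's or BaseFortify's code) wraps the executable portion of a service's ImagePath in double quotes while leaving any arguments and the existing registry value type untouched, and supports -WhatIf so the change can be previewed first. The function name and the ".exe" assumption are this example's own; it must be run from an elevated session, and the services must be restarted for the new ImagePath to take effect.

```powershell
# Added example, not from the BaseFortify page or from Hasleo.
# Quotes the ImagePath of the named services (mitigation step 1). Run elevated.

function Repair-UnquotedServicePath {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ServiceName
    )

    foreach ($name in $ServiceName) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -Path $key)) {
            Write-Warning "Service '$name' not found"
            continue
        }

        $current = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
        if ($current.Trim().StartsWith('"')) {
            Write-Verbose "$name is already quoted: $current"
            continue
        }

        # Separate the executable from its arguments so only the path is quoted
        # (assumption of this example: the service binary ends in ".exe").
        $exeIndex = $current.IndexOf('.exe', [System.StringComparison]::OrdinalIgnoreCase)
        if ($exeIndex -lt 0) {
            Write-Warning "${name}: could not locate the executable in '$current'; skipping"
            continue
        }
        $exe       = $current.Substring(0, $exeIndex + 4)
        $arguments = $current.Substring($exeIndex + 4)
        $fixed     = "`"$exe`"$arguments"

        # Preserve the existing value type (REG_SZ or REG_EXPAND_SZ).
        $kind = (Get-Item -Path $key).GetValueKind('ImagePath')

        if ($PSCmdlet.ShouldProcess($name, "Set ImagePath to $fixed")) {
            Set-ItemProperty -Path $key -Name ImagePath -Value $fixed -Type $kind
            Write-Output "${name}: $current -> $fixed"
        }
    }
}

$services = 'HasleoBackupSuiteService', 'HasleoImageMountService'

# Preview the change, then apply it and restart the services so the loader
# reads the corrected path.
Repair-UnquotedServicePath -ServiceName $services -WhatIf
Repair-UnquotedServicePath -ServiceName $services -Verbose
Restart-Service -Name $services
```

Re-running the detection check after the restart should no longer list either service. For step 2, review the ACLs on C:\Program Files and C:\Program Files\Hasleo with Get-Acl and confirm that no non-administrative principal holds write or create permissions there; for step 4, check with the vendor whether a fixed release is available.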