CVE-2025-61865
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-12-10
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| i-o_data_device | narsus_app | 2.33 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the NarSuS App involves the registration of a Windows service with an unquoted file path. Because of this, a user who has write permission on the root directory of the system drive can exploit the unquoted search path to execute arbitrary code with SYSTEM privileges, which means they can run code with the highest level of access on the system. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with write access to the root of the system drive to execute arbitrary code with SYSTEM privileges. This can lead to full control over the affected system, compromising confidentiality, integrity, and availability of data and system resources, potentially allowing unauthorized actions such as installing malware, stealing data, or disrupting services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the NarSuS App registers a Windows service with an unquoted file path. You can use the Windows command line to list services and inspect their executable paths for unquoted spaces. For example, run the command: sc qc <service_name> to query the service configuration and check if the ImagePath contains unquoted spaces. Additionally, use: wmic service get name,pathname to list all services and their paths, then look for unquoted paths. If the NarSuS App service path is unquoted, the system is vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the NarSuS App to version 2.33 or later, where this vulnerability has been fixed. If your product is discontinued and does not support the updated version, consider replacing the product. Ensure that users without necessary permissions do not have write access to the root directory of the system drive to reduce risk. [1, 2]