CVE-2022-50914
Unquoted Service Path Vulnerability in EaseUS UPDATE SERVICE Enables Privilege Escalation

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
Meta Information
Published: 2026-01-13
Last Modified: 2026-01-13
Generated: 2026-05-07
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
easeus | data_recovery | 15.1.0.0
CWE ID | Description
CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an unquoted service path issue in the EaseUS UPDATE SERVICE executable (ensserver.exe) of EaseUS Data Recovery version 15.1.0.0. Because the service path contains spaces but is not enclosed in quotation marks, an attacker with local access can place a malicious executable in a location that Windows will mistakenly execute with elevated LocalSystem privileges. This allows the attacker to run arbitrary code with high privileges on the affected system. [1, 2]


How can this vulnerability impact me?

An attacker exploiting this vulnerability can execute malicious code with LocalSystem privileges, which are the highest privileges on a Windows system. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of files, installation of persistent malware, and disruption of system availability. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying unquoted service paths in Windows services, specifically looking for the EaseUS UPDATE SERVICE executable 'ensserver.exe'. Commands such as 'wmic service get name,pathname,startmode' and 'sc qc "EaseUS UPDATE SERVICE"' can be used to check the service executable path and verify if it is unquoted and contains spaces. These commands help find services with unquoted paths that could be exploited. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotation marks to prevent path hijacking. Alternatively, updating the EaseUS Data Recovery software to a version where this vulnerability is fixed or removing the vulnerable service if not needed can reduce risk. Ensuring that only trusted users have local access also helps mitigate exploitation. [1, 2]
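
The detection and mitigation steps above, as an added PowerShell example (not from the advisory or the vendor): it flags services whose executable path is unquoted and contains whitespace, and prints the quoted value to set. It uses Get-CimInstance rather than wmic, which is deprecated on current Windows releases; the helper function names are hypothetical and the sample paths are constructed, since the page does not give the EaseUS install path.

```powershell
# Added example: audit Windows services for unquoted executable paths (CWE-428).

function Split-ServiceCommandLine {
    # Splits an UNQUOTED service command line into executable and arguments.
    # Returns nothing when the path is already quoted or has no .exe component.
    param([Parameter(Mandatory)][string]$PathName)
    $m = [regex]::Match($PathName.Trim(),
        '^(?<exe>[^"]+?\.exe)(?<rest>(\s.*)?)$', 'IgnoreCase')
    if ($m.Success) {
        [pscustomobject]@{ Exe = $m.Groups['exe'].Value; Arguments = $m.Groups['rest'].Value }
    }
}

function Test-UnquotedServicePath {
    # True only when the executable portion is unquoted AND contains whitespace.
    param([Parameter(Mandatory)][string]$PathName)
    $parts = Split-ServiceCommandLine $PathName
    return [bool]($parts -and $parts.Exe -match '\s')
}

function Get-QuotedServicePath {
    # Wraps only the executable in quotes and leaves the arguments untouched.
    param([Parameter(Mandatory)][string]$PathName)
    $parts = Split-ServiceCommandLine $PathName
    if (-not $parts) { return $PathName }
    return '"{0}"{1}' -f $parts.Exe, $parts.Arguments
}

# Constructed sample values (not real install paths) to show the three cases.
$samples = @(
    'C:\Program Files\Example Vendor\Example App\svc.exe -run',    # flagged
    '"C:\Program Files\Example Vendor\Example App\svc.exe" -run',  # already quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                   # no space in exe path
)
foreach ($s in $samples) { '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s }

# Live audit of the local machine: current value, proposed value, registry key.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            StartName = $_.StartName
            Current   = $_.PathName
            Proposed  = Get-QuotedServicePath $_.PathName
            RegKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        }
    } | Format-List
```

Proposed is the value to write to the ImagePath value under RegKey once it has been reviewed.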

