Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ABP and AES by ASUSTOR

    CVE-2025-13051 (GCVE-0-2025-13051)

    Vulnerability from nvd – Published: 2025-11-19 02:50 – Updated: 2025-11-19 20:04
    VLAI
    Title
    Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges
    Summary
    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    ASUSTOR ABP and AES Affected: ABP 2.0 , ≤ 2.0.7.9050 (custom)
    Affected: AES 1.0 , ≤ 1.0.6.8290 (custom)
    Create a notification for this product.
    Date Public
    2025-11-19 02:45
    Credits
    Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T20:04:08.926104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T20:04:20.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "ABP and AES",
              "vendor": "ASUSTOR",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.9050",
                  "status": "affected",
                  "version": "ABP 2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.6.8290",
                  "status": "affected",
                  "version": "AES 1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc."
            }
          ],
          "datePublic": "2025-11-19T02:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.\u003cbr\u003e\u003cp\u003eThis issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.\u003c/p\u003e"
                }
              ],
              "value": "When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.\nThis issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T03:15:31.719Z",
            "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
            "shortName": "ASUSTOR1"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.asustor.com/security/security_advisory_detail?id=48"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "assignerShortName": "ASUSTOR1",
        "cveId": "CVE-2025-13051",
        "datePublished": "2025-11-19T02:50:57.285Z",
        "dateReserved": "2025-11-12T10:01:29.924Z",
        "dateUpdated": "2025-11-19T20:04:20.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8070 (GCVE-0-2025-8070)

    Vulnerability from nvd – Published: 2025-07-23 07:26 – Updated: 2025-07-23 14:10
    VLAI
    Title
    Windows service registered with an unquoted ImagePath vulnerability in the system registry
    Summary
    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces. Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    ASUSTOR ABP and AES Affected: ABP 2.0 , ≤ 2.0.7.6130 (custom)
    Affected: AES 1.0 , ≤ 1.0.6.6133 (custom)
    Create a notification for this product.
    Credits
    Kazuma Matsumoto from GMO Cybersecurity by IERAE, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:10:33.819543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T14:10:47.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "ABP and AES",
              "vendor": "ASUSTOR",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.6130",
                  "status": "affected",
                  "version": "ABP 2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.6.6133",
                  "status": "affected",
                  "version": "AES 1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kazuma Matsumoto from GMO Cybersecurity by IERAE, Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.\nAffected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier."
                }
              ],
              "value": "The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.\nAffected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T07:27:30.090Z",
            "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
            "shortName": "ASUSTOR1"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.asustor.com/security/security_advisory_detail?id=47"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Windows service registered with an unquoted ImagePath vulnerability in the system registry",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "assignerShortName": "ASUSTOR1",
        "cveId": "CVE-2025-8070",
        "datePublished": "2025-07-23T07:26:03.531Z",
        "dateReserved": "2025-07-23T03:45:31.946Z",
        "dateUpdated": "2025-07-23T14:10:47.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-13051 (GCVE-0-2025-13051)

    Vulnerability from cvelistv5 – Published: 2025-11-19 02:50 – Updated: 2025-11-19 20:04
    VLAI
    Title
    Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges
    Summary
    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    ASUSTOR ABP and AES Affected: ABP 2.0 , ≤ 2.0.7.9050 (custom)
    Affected: AES 1.0 , ≤ 1.0.6.8290 (custom)
    Create a notification for this product.
    Date Public
    2025-11-19 02:45
    Credits
    Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T20:04:08.926104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T20:04:20.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "ABP and AES",
              "vendor": "ASUSTOR",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.9050",
                  "status": "affected",
                  "version": "ABP 2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.6.8290",
                  "status": "affected",
                  "version": "AES 1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc."
            }
          ],
          "datePublic": "2025-11-19T02:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.\u003cbr\u003e\u003cp\u003eThis issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.\u003c/p\u003e"
                }
              ],
              "value": "When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges.\nThis issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T03:15:31.719Z",
            "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
            "shortName": "ASUSTOR1"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.asustor.com/security/security_advisory_detail?id=48"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "assignerShortName": "ASUSTOR1",
        "cveId": "CVE-2025-13051",
        "datePublished": "2025-11-19T02:50:57.285Z",
        "dateReserved": "2025-11-12T10:01:29.924Z",
        "dateUpdated": "2025-11-19T20:04:20.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8070 (GCVE-0-2025-8070)

    Vulnerability from cvelistv5 – Published: 2025-07-23 07:26 – Updated: 2025-07-23 14:10
    VLAI
    Title
    Windows service registered with an unquoted ImagePath vulnerability in the system registry
    Summary
    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces. Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    ASUSTOR ABP and AES Affected: ABP 2.0 , ≤ 2.0.7.6130 (custom)
    Affected: AES 1.0 , ≤ 1.0.6.6133 (custom)
    Create a notification for this product.
    Credits
    Kazuma Matsumoto from GMO Cybersecurity by IERAE, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:10:33.819543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T14:10:47.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "ABP and AES",
              "vendor": "ASUSTOR",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.6130",
                  "status": "affected",
                  "version": "ABP 2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.6.6133",
                  "status": "affected",
                  "version": "AES 1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kazuma Matsumoto from GMO Cybersecurity by IERAE, Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.\nAffected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier."
                }
              ],
              "value": "The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.\nAffected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T07:27:30.090Z",
            "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
            "shortName": "ASUSTOR1"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.asustor.com/security/security_advisory_detail?id=47"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Windows service registered with an unquoted ImagePath vulnerability in the system registry",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "assignerShortName": "ASUSTOR1",
        "cveId": "CVE-2025-8070",
        "datePublished": "2025-07-23T07:26:03.531Z",
        "dateReserved": "2025-07-23T03:45:31.946Z",
        "dateUpdated": "2025-07-23T14:10:47.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }