CVE-2025-66461

High CVSS: 8.4

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

Vendor

Product

CWE

CWE-428

Yayın Tarihi

2025-12-08 10:16:01

Güncelleme

2025-12-08 18:26:19

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-428 HIGH 2025

Referanslar

https://jvn.jp/en/jp/JVN59242986/ https://ps.gs-yuasa.com/technicalinfo/pdf/failure/FMP_info20251201_TEX48214-993.pdf