CVE-2025-58400_CVE-2025-58400

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Basic Information

ID CVE-2025-58400

Source jpcert

Published Sep 5, 2025 at 05:36

Affected Product

Vendor RATOC Systems, Inc.

Product RATOC RAID Monitoring Manager for Windows

Version prior to Ver.2.00.09.250820

Affected Versions RATOC Systems, Inc. RATOC RAID Monitoring Manager for Windows prior to Ver.2.00.09.250820

CWE Classification

CWE-428

References

{
    "lastseen": "",
    "description": "RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.",
    "published": "2025-09-05T05:36:34.661Z",
    "modified": "2025-09-05T05:36:34.661Z",
    "type": "cve",
    "title": "CVE-2025-58400",
    "source": "jpcert",
    "references": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/\nhttps://www.ratocsystems.com/dlsoft/dlsoft_storage/dlsoft_hddcase/raidmanager/\nhttps://jvn.jp/en/jp/JVN98737186/",
    "id": "CVE-2025-58400",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "RATOC Systems, Inc. RATOC RAID Monitoring Manager for Windows prior to Ver.2.00.09.250820",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RATOC RAID Monitoring Manager for Windows",
    "version": "prior to Ver.2.00.09.250820",
    "vendor": "RATOC Systems, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}