CVE-2025-50892_CVE-2025-50892

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.

AI Analysis

The eudskacs.sys driver in EaseUs Todo Backup fails to properly validate privileges for I/O requests, allowing local attackers to perform arbitrary raw disk operations.

Basic Information

ID CVE-2025-50892

Source mitre

Published Sep 10, 2025 at 00:00

Modified Sep 10, 2025 at 18:57

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-269

AI Assessment

AI Score 7.8 / 10

AI Severity HIGH

Vendor EaseUs

Product Todo Backup

Version 1.2.0.1

References

{
    "lastseen": "",
    "description": "The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.",
    "published": "2025-09-10T00:00:00.000Z",
    "modified": "2025-09-10T18:57:55.337Z",
    "type": "cve",
    "title": "CVE-2025-50892",
    "source": "mitre",
    "references": "http://easeus.com\nhttps://gist.github.com/christopher-ellis-workday/756c998f9f59dd2c437d83e60c7ed220",
    "id": "CVE-2025-50892",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "The eudskacs.sys driver in EaseUs Todo Backup fails to properly validate privileges for I/O requests, allowing local attackers to perform arbitrary raw disk operations.",
    "ai_severity": "HIGH",
    "ai_vendor": "EaseUs",
    "ai_product": "Todo Backup",
    "ai_version": "1.2.0.1",
    "ai_score": 7.8
}