CVE-2025-62225_CVE-2025-62225

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Basic Information

ID CVE-2025-62225

Source jpcert

Published Nov 5, 2025 at 06:19

Affected Product

Vendor Sony Corporation

Product Optical Disc Archive Software (for Windows)

Version 1.0.0 to 5.5.2

Affected Versions Sony Corporation Optical Disc Archive Software (for Windows) 1.0.0 to 5.5.2

CWE Classification

CWE-428

References

{
    "lastseen": "",
    "description": "Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.",
    "published": "2025-11-05T06:19:44.575Z",
    "modified": "2025-11-05T06:19:44.575Z",
    "type": "cve",
    "title": "CVE-2025-62225",
    "source": "jpcert",
    "references": "https://www.sony.jp/oda/application/?srsltid=AfmBOoo8t7k-alQo7ZnV2MAhq8qfIJtFOJN41U2Tu-B1yrpx3Y_KHurk\nhttps://jvn.jp/en/jp/JVN81917433/",
    "id": "CVE-2025-62225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "Sony Corporation Optical Disc Archive Software (for Windows) 1.0.0 to 5.5.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Optical Disc Archive Software (for Windows)",
    "version": "1.0.0 to 5.5.2",
    "vendor": "Sony Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}