CVE 9.3 CRITICAL

Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation_CVE-2025-66266

November 25, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Description

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation

AI Analysis

Insecure permissions in RupsMon.exe service executable allowing local attackers to replace the executable with malicious binary for code execution and privilege escalation

Basic Information

ID CVE-2025-66266

Source Gridware

Published Nov 26, 2025 at 01:16

Modified Nov 26, 2025 at 01:20

Affected Product

Vendor MegaTec Taiwan

Product UPSilon2000V6.0

Version 6.0.5

Affected Versions MegaTec Taiwan UPSilon2000V6.0 6.0.5

CWE Classification

CWE-269

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor MegaTec Taiwan

Product UPSilon2000V6.0

Version 6.0.5

References

www.megatec.com.tw /software-download/

{
    "lastseen": "",
    "description": "The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation",
    "published": "2025-11-26T01:16:40.731Z",
    "modified": "2025-11-26T01:20:44.984Z",
    "type": "cve",
    "title": "Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation",
    "source": "Gridware",
    "references": "https://www.megatec.com.tw/software-download/",
    "id": "CVE-2025-66266",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "MegaTec Taiwan UPSilon2000V6.0 6.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UPSilon2000V6.0",
    "version": "6.0.5",
    "vendor": "MegaTec Taiwan",
    "ai_description": "Insecure permissions in RupsMon.exe service executable allowing local attackers to replace the executable with malicious binary for code execution and privilege escalation",
    "ai_severity": "Critical",
    "ai_vendor": "MegaTec Taiwan",
    "ai_product": "UPSilon2000V6.0",
    "ai_version": "6.0.5",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply