CVE-2025-66461_CVE-2025-66461

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

Basic Information

ID CVE-2025-66461

Source jpcert

Published Dec 8, 2025 at 09:31

Affected Product

Vendor GS Yuasa International Ltd.

Product FULLBACK Manager Pro (for Windows)

Version 4.00 and earlier

Affected Versions GS Yuasa International Ltd. FULLBACK Manager Pro (for Windows) 4.00 and earlier
GS Yuasa International Ltd. FULLBACK Manager Pro for Network (for Windows) 3.00 and earlier

CWE Classification

CWE-428

References

{
    "lastseen": "",
    "description": "FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers  two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.",
    "published": "2025-12-08T09:31:44.026Z",
    "modified": "2025-12-08T09:31:44.026Z",
    "type": "cve",
    "title": "CVE-2025-66461",
    "source": "jpcert",
    "references": "https://ps.gs-yuasa.com/technicalinfo/pdf/failure/FMP_info20251201_TEX48214-993.pdf\nhttps://jvn.jp/en/jp/JVN59242986/",
    "id": "CVE-2025-66461",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "GS Yuasa International Ltd. FULLBACK Manager Pro (for Windows) 4.00 and earlier\nGS Yuasa International Ltd. FULLBACK Manager Pro for Network (for Windows) 3.00 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FULLBACK Manager Pro (for Windows)",
    "version": "4.00 and earlier",
    "vendor": "GS Yuasa International Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}