CVE-2025-12247
7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Summary
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hasleo | Backup Suite | 5.0 | affected |
| Hasleo | Backup Suite | 5.1 | affected |
| Hasleo | Backup Suite | 5.2 | affected |
Weaknesses
- CWE-428: Unquoted Search Path
- CWE-426: Untrusted Search Path
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://vuldb.com/?id.329918
- https://vuldb.com/?ctiid.329918
- https://vuldb.com/?submit.672549
- https://vuldb.com/?submit.672548
- https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md
- https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md
- https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.