CVE-2025-12507

Summary

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.

Affected Software

VendorProductVersion RangeStatus
Bizerba_connect.BRAIN0.0 < 5.02affected

Weaknesses

  • CWE-428: CWE-428 Unquoted Search Path or Element

Workarounds

Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BCS\ImagePath

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References