CVE-2025-58400

Summary

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
RATOC Systems, Inc.RATOC RAID Monitoring Manager for Windowsprior to Ver.2.00.09.250820affected

Weaknesses

  • CWE-428: Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References