CVE-2025-66264

Summary

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.

Affected Software

VendorProductVersion RangeStatus
MegaTec TaiwanClientMate6.2.2affected

Weaknesses

  • CWE-428: CWE-428 Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References