CVE-2025-66271

Summary

Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.Clone for Windowsprior to Ver.2.36affected

Weaknesses

  • CWE-428: Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References