CVE-2025-66461

Summary

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

Affected Software

VendorProductVersion RangeStatus
GS Yuasa International Ltd.FULLBACK Manager Pro (for Windows)4.00 and earlieraffected
GS Yuasa International Ltd.FULLBACK Manager Pro for Network (for Windows)3.00 and earlieraffected

Weaknesses

  • CWE-428: Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References