Medium severity6.7NVD Advisory· Published Oct 29, 2025· Updated Apr 15, 2026

CVE-2025-60320

Description

memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to SYSTEM by placing a malicious executable at C:\Program.exe.

Affected products

Joseraeiro/Security Advisoriesreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.memoq.com/helpcenter/nvd
github.com/joseraeiro/security-advisories/blob/e0b1095de8b3162fb0d9de9a688317a12fdd9be8/CVE-2025-60320.mdnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000