CWE-428
Unquoted Search Path or Element
Base | Draft
Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
If a malicious individual has access to the file system, it is possible to elevate privileges by inserting a file such as "C:\Program.exe", which is then run by a privileged program that makes use of WinExec.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (210)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-34499 | Med | 0.45 | — | 0.00 | | Dec 11, 2025 | AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions. |
| CVE-2026-7280 | Med | 0.44 | 6.7 | 0.00 | | Apr 28, 2026 | AVACAST developed by eMPIA Technology has an Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts. |
| CVE-2026-1585 | Med | 0.44 | 6.7 | 0.00 | | Feb 27, 2026 | An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service. |
| CVE-2026-24466 | Med | 0.44 | 6.7 | 0.00 | | Feb 9, 2026 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-66271 | Med | 0.44 | 6.7 | 0.00 | | Dec 9, 2025 | Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-66461 | Med | 0.44 | 6.7 | 0.00 | | Dec 8, 2025 | FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed. |
| CVE-2025-32449 | Med | 0.44 | 6.7 | 0.00 | | Nov 11, 2025 | Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| CVE-2025-64151 | Med | 0.44 | 6.7 | 0.00 | | Nov 5, 2025 | Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-62225 | Med | 0.44 | 6.7 | 0.00 | | Nov 5, 2025 | Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-60320 | Med | 0.44 | 6.7 | 0.00 | | Oct 29, 2025 | memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to SYSTEM by placing a malicious executable at C:\Program.exe. |
| CVE-2025-61865 | Med | 0.44 | 6.7 | 0.00 | | Oct 23, 2025 | Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-61871 | Med | 0.44 | 6.7 | 0.00 | | Oct 10, 2025 | NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-9818 | Med | 0.44 | 6.7 | 0.00 | | Sep 17, 2025 | A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces. |
| CVE-2025-59307 | Med | 0.44 | 6.7 | 0.00 | | Sep 17, 2025 | RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-58400 | Med | 0.44 | 6.7 | 0.00 | | Sep 5, 2025 | RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-57699 | Med | 0.44 | 6.7 | 0.00 | | Aug 22, 2025 | Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege. |
| CVE-2025-9043 | Med | 0.44 | — | 0.00 | | Aug 14, 2025 | The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges. |
| CVE-2024-5963 | Med | 0.44 | 6.7 | 0.00 | | Aug 6, 2024 | Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component). This issue affects Hitachi Device Manager: before 8.8.7-00. |
| CVE-2017-14019 | Med | 0.44 | 6.7 | 0.00 | | Oct 19, 2017 | An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. |
| CVE-2017-5873 | Med | 0.44 | 6.7 | 0.00 | | Apr 11, 2017 | Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. |