Vendor

EaseUS

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2022-50914	EaseUS Data Recovery	Hig	0.55	8.4	0.00		Jan 13, 2026	EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2025-50892	EaseUS Todo Backup		0.00	—	0.00		Sep 10, 2025	The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.

CVE-2022-50914HigJan 13, 2026
EaseUS
Data Recovery
risk 0.55cvss 8.4epss 0.00
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2025-50892Sep 10, 2025
EaseUS
Todo Backup
risk 0.00cvss —epss 0.00
The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.