CVE-2025-66264 – Unquoted Service path in AutoStart SYSTEM privileged service

CVE ID : CVE-2025-66264

Published : Nov. 26, 2025, 1:16 a.m. | 14 minutes ago

Description : The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…