CVE-2025-66269 – Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM

CVE ID : CVE-2025-66269

Published : Nov. 26, 2025, 2:15 a.m. | 20 minutes ago

Description : The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables live in

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66026 – REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

CVE-2025-66025 – Caido Improperly Handles External Links in Markdown

CVE-2025-66022 – FACTION Unauthenticated Custom Extension Upload leads to RCE

CVE-2025-66266 – Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation