CVE-2025-50892

Medienbericht

EPSS 0.12%
Veröffentlicht 10.09.2025 00:00:00
Zuletzt bearbeitet 20.10.2025 14:37:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Easeus ≫ Eudskacs.Sys Driver Version20250328

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

20.04.2026 16:46

http://easeus.com

Product

https://gist.github.com/christopher-ellis-workday/756c998f9f59dd2c437d83e60c7ed220

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-50892

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-50892

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-50892

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-50892