PT-2025-37082 · Easeus · Easeus Todo Backup
Christopher-Ellis-Workday · Published 2025-09-10 · Updated 2025-10-20
CVE-2025-50892
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
EaseUs Todo Backup version 1.2.0.1
Description:
The eudskacs.sys driver version 20250328 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, potentially leading to sensitive information disclosure, denial of service, or local privilege escalation.
Recommendations:
Update to a newer version of EaseUs Todo Backup that does not include the vulnerable eudskacs.sys driver version 20250328.
Fix
DoS
LPE
Improper Privilege Management
Affected Products
Easeus Todo Backup