PT-2025-48122 · Unknown · Upsilon 2000+1
Abdul Mhanni · Published 2025-11-26 · Updated 2025-11-26 · CVE-2025-66266
CVSS v4.0: 9.3 Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
UPSilon 2000 version 6.0.5
UPSilon 2000 (affected versions not specified)
Description
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, granting the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or modify the service configuration to achieve code execution and privilege escalation. The affected service is the RupsMon.exe service.
Recommendations
Restrict access to the RupsMon.exe service executable to prevent unauthorized modifications.
Audit permissions on the RupsMon.exe service executable and remove Full Control access for the 'Everyone' group.
Fix
LPE
Improper Privilege Management
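The permission audit recommended above can be scripted. The PowerShell below is an added example, not part of the advisory or any vendor tooling: it finds services whose binary is RupsMon.exe (the install path is not given on this page, so it is read from the service configuration) and lists write-capable rights held by Everyone on the executable. As an extension beyond the advisory text, it also checks Authenticated Users and BUILTIN\Users, and the folder containing the executable. The helper names are hypothetical.

```powershell
# Added example: audit the service executable's ACL for broad write access.
$BinaryName = 'RupsMon.exe'   # binary name taken from the advisory

# Well-known SIDs (locale-independent) for broad principals.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Only the bits that allow replacing or re-permissioning the file.
# Modify/FullControl are not used as masks because they include read bits.
$RiskyMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$RiskyMask = $RiskyMask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

# Hypothetical helper: extract the .exe path from a service PathName,
# which may be quoted and may carry arguments.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ($PathName -match '^\s*"?(.+?\.exe)') { return $Matches[1] }
}

# Hypothetical helper: return Allow ACEs that give a broad principal risky rights.
function Get-RiskyAce {
    param([string]$Path, [string]$Service)
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $RiskyMask)) {
            [pscustomobject]@{
                Service   = $Service
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match [regex]::Escape($BinaryName) } |
    ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            Get-RiskyAce -Path $exe -Service $_.Name                       # the executable itself
            Get-RiskyAce -Path (Split-Path -Parent $exe) -Service $_.Name  # its folder (extension)
        }
    }
```

Any row returned is a finding; an empty result means none of the listed groups holds write-capable rights on the paths checked. An explicit Everyone entry can be removed with `icacls <path> /remove:g *S-1-1-0`, while an entry reported as inherited has to be corrected on the parent folder or by disabling inheritance on the file first.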
Affected Products
Rupsmon.Exe
Upsilon 2000