PT-2025-48123 · Unknown+2 · Upsilon 2000+2
Abdul Mhanni
·
Published
2025-11-26
·
Updated
2025-11-26
·
CVE-2025-66269
CVSS v4.0
7.1
High
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
UPSilon 2000 (affected versions not specified)
Description
The RupsMon and USBMate services operate with SYSTEM privileges and are configured with unquoted service paths. This configuration allows a local attacker to potentially intercept paths and elevate privileges if they possess write access to the directories preceding the legitimate service executable locations.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rupsmon
Upsilon 2000
Usbmate