{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-12247", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-26T05:18:20.122Z", "datePublished": "2025-10-27T08:02:06.216Z", "dateUpdated": "2025-10-27T08:02:06.216Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-27T08:02:06.216Z"}, "title": "Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-428", "lang": "en", "description": "Unquoted Search Path"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "Untrusted Search Path"}]}], "affected": [{"vendor": "Hasleo", "product": "Backup Suite", "versions": [{"version": "5.0", "status": "affected"}, {"version": "5.1", "status": "affected"}, {"version": "5.2", "status": "affected"}], "modules": ["HasleoImageMountService/HasleoBackupSuiteService"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised."}, {"lang": "de", "value": "In Hasleo Backup Suite up to 5.2 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HasleoImageMountService/HasleoBackupSuiteService. Durch Manipulieren mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie gilt als schwierig ausnutzbar. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Upgrade der betroffenen Komponente wird empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-10-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-26T06:23:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "lakshay12311 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.329918", "name": "VDB-329918 | Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.329918", "name": "VDB-329918 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.672549", "name": "Submit #672549 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.672548", "name": "Submit #672548 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md", "tags": ["related"]}, {"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md", "tags": ["exploit"]}, {"url": "https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe", "tags": ["patch"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised."}], "id": "CVE-2025-12247", "lastModified": "2025-10-27T08:15:37.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-27T08:15:37.343", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.329918"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.329918"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.672548"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.672549"}, {"source": "cna@vuldb.com", "url": "https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-428"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}