CVE-2022-50914

HIGH

EaseUS Data Recovery <15.1.0.0 - Code Injection

Title source: llm

Description

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED

by bios · textlocalwindows

https://www.exploit-db.com/exploits/50886

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.easeus.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/easeus-data-recovery-ensserverexe-unquoted-service-path

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50886

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

EaseUS/EaseUS Data Recovery 15.1.0.0

Published Jan 13, 2026

Tracked Since Feb 18, 2026