CVE-2025-26692
HIGHSIOS Quick Agent V3 < 3.2.1 and V2 < 2.9.8 - Unauthenticated Path Traversal and Remote Code Execution
Title source: llmDescription
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running.
References (3)
Core 3
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN82536398/
Various Sources
https://mfp-support.sios.jp/hc/ja/articles/45853460006937
Various Sources
https://siosapps.sios.jp/agent_info/20250425001.html
Scores
CVSS v3
8.1
EPSS
0.0077
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (2)
SIOS Technology, Inc./Quick Agent V2
prior to Ver2.9.8
SIOS Technology, Inc./Quick Agent V3
prior to Ver3.2.1
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026