Description
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
References (3)
Core 3
Core References
Various Sources
https://www.ratocsystems.com/topics/userinfo/raidmanager202508/
Third Party Advisory
https://jvn.jp/en/jp/JVN98737186/
Scores
CVSS v3
6.7
EPSS
0.0016
EPSS Percentile
5.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-428
Status
published
Products (1)
RATOC Systems, Inc./RATOC RAID Monitoring Manager for Windows
prior to Ver.2.00.09.250820
Published
Sep 05, 2025
Tracked Since
Feb 18, 2026