CVE-2025-66461

MEDIUM

FULLBACK Manager Pro - Code Injection

Title source: llm

Description

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

References (2)

[Various Sources] https://ps.gs-yuasa.com/technicalinfo/pdf/failure/FMP_info20251201_TEX48214-993.pdf

[Third Party Advisory] https://jvn.jp/en/jp/JVN59242986/

Scores

CVSS v3 6.7

EPSS 0.0003

EPSS Percentile 8.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (2)

GS Yuasa International Ltd./FULLBACK Manager Pro (for Windows) 4.00 and earlier

GS Yuasa International Ltd./FULLBACK Manager Pro for Network (for Windows) 3.00 and earlier

Published Dec 08, 2025

Tracked Since Feb 18, 2026