CVE-2025-66269

The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

CVE-2025-66269

The CVE-2025-66269 entry concerns MegaTec UPSilon2000 software where the RupsMon and USBMate services run with SYSTEM privileges and use unquoted service paths. This configuration allows a local attacker with write access to directories preceding the real service executables to intercept the serv...

EUVD-2025-199688

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...