CVE-2025-66265 Insecure permissions in configuration directory (C:\\usr)

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

CVE-2025-66265

The CVE-2025-66265 entry concerns MegaTec ClientMate’s CMService.exe that creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This enables attackers to replace configuration files (e.g., snmp.conf) or hijack DLLs to escalate...

CVE-2025-66264 Unquoted Service path in UPSilon2000V6.0 SYSTEM privilege service

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation...