Disk Savvy Enterprise Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Disk Savvy Enterprise version 12.3.18 due to an unquoted service path in the service configuration. Because the path to the service executable is not enclosed in quotation marks, a local attacker can execute arbitrary code by placing a malicious executable along that unquoted path. The vulnerability could lead to privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized code execution with elevated privileges.

Reproduction

The vulnerability is reproduced through the unquoted service path of the Disk Savvy Enterprise application. After installation, querying the service with the Windows Management Instrumentation Command-line (WMIC) tool reveals the unquoted path. This path can then be exploited to execute arbitrary code.
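
A defender-side check for the condition described above, as an added example that is not part of the advisory or the vendor's code: it takes service Name/PathName pairs, flags image paths that contain spaces but are not quoted, and returns the quoted value to set. The sample rows are constructed (they are not Disk Savvy Enterprise's actual path), and the `.exe` boundary heuristic and all function names are assumptions of this example.

```python
import re

# Constructed sample rows (service name, PathName) in the shape a
# Win32_Service query returns; none of these paths come from the advisory.
SAMPLE_SERVICES = [
    ("ExampleSvc", r"C:\Program Files\Example Vendor\Example App\bin\examplesvc.exe"),
    ("ExampleArgs", r"C:\Program Files\Example Vendor\agent.exe --service -k run"),
    ("QuotedSvc", r'"C:\Program Files\Example Vendor\Example App\bin\quoted.exe" -s'),
    ("NoSpaces", r"C:\Windows\System32\svchost.exe -k netsvcs"),
    ("SpaceInArgsOnly", r"C:\Tools\agent.exe --config C:\Some Dir\a.ini"),
]

# End of the executable in an unquoted command line: the first ".exe" followed
# by whitespace or end of string (heuristic; assumes the image is an .exe).
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image(pathname):
    """Return (image_path, arguments, was_quoted) for a service PathName."""
    p = pathname.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        if end == -1:  # unbalanced quote: treat the remainder as an unquoted image
            return p[1:], "", False
        return p[1:end], p[end + 1:].strip(), True
    m = _EXE_END.search(p)
    if not m:
        return p, "", False
    return p[:m.end()], p[m.end():].strip(), False


def audit(services):
    """Return one finding per service whose image path has spaces but no quotes."""
    findings = []
    for name, pathname in services:
        image, args, quoted = split_image(pathname)
        if quoted or " " not in image:
            continue  # quoted, or no space in the image path itself
        fixed = f'"{image}"' + (f" {args}" if args else "")
        findings.append({"service": name, "image": image, "fixed": fixed})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES):
        print(f"{f['service']}: unquoted image path -> set PathName to {f['fixed']}")
```

Spaces that occur only in the arguments do not trigger a finding, which keeps the report limited to services whose executable path itself needs quoting.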

Added: Feb 3, 2026, 3:50 PM
Updated: Feb 3, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 4.2
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.