EaseUS Data Recovery Unquoted Service Path Vulnerability Allowing Code Execution

Vulnerability

A vulnerability exists in EaseUS Data Recovery version 15.1.0.0, specifically within the EaseUS UPDATE SERVICE executable. This vulnerability is characterized by an unquoted service path, which can be exploited by attackers to inject and execute malicious code with elevated LocalSystem privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with LocalSystem privileges.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done using the Windows Service Control (sc) command. Once the service is created, it can be exploited to execute malicious payloads with elevated privileges.
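The check below is an added example for defenders, not code from the advisory or from EaseUS: it flags service image paths that are unquoted and contain a space in the program portion, and lists the shorter program names Windows may resolve first, so those locations can be verified empty and not writable by non-administrators. The service names and paths are constructed samples (the advisory does not give the real path); in practice the values come from each service's ImagePath registry value or the BINARY_PATH_NAME field of `sc qc`.

```python
import re

# An executable extension ends the program path; anything after it is arguments.
_PROGRAM_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_program(image_path):
    """Return (program_path, is_quoted) for a service ImagePath value."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end != -1 else value[1:]), True
    match = _PROGRAM_END.search(value)
    return (value[:match.end()] if match else value), False


def ambiguous_prefixes(image_path):
    """List the shorter program names an unquoted path with spaces can resolve to.

    Returns [] when the path is quoted or the only spaces are in the arguments.
    """
    program, quoted = split_program(image_path)
    if quoted or " " not in program:
        return []
    parts = program.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services):
    """Map service name -> ambiguous prefixes, for affected services only."""
    findings = {}
    for name, image_path in services.items():
        prefixes = ambiguous_prefixes(image_path)
        if prefixes:
            findings[name] = prefixes
    return findings


# Constructed sample values (not the product's real service name or path).
SAMPLE_SERVICES = {
    "ExampleUpdateSvc": r"C:\Program Files (x86)\Example Vendor\Update Service\updater.exe /svc",
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --run',
    "ExampleHostedSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, prefixes in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces")
        for p in prefixes:
            print(f"  verify absent: {p}")
```

A flagged service is corrected by wrapping the executable path in double quotes in its ImagePath value.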

Added: Jan 14, 2026, 12:23 AM
Updated: Jan 14, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.