EaseUS Todo Backup Privilege Validation Vulnerability in eudskacs.sys Driver Allowing Arbitrary Disk I/O Operations

Vulnerability

A vulnerability exists in the eudskacs.sys driver, specifically in version 20250328, which is included with EaseUS Todo Backup 1.2.0.1. The driver does not properly validate privileges for input/output requests related to reading and writing operations. This flaw enables a local, low-privileged attacker to execute arbitrary raw disk read and write commands. The consequences of this vulnerability include unauthorized access to sensitive information, potential denial of service, and local privilege escalation.

Impact

Exploitation of this vulnerability could allow a low-privileged user to read arbitrary system files, such as the SAM and SYSTEM hives, leading to unauthorized information disclosure. Additionally, the vulnerability could be used to cause a denial of service or to escalate privileges locally.

Added: Sep 10, 2025, 6:20 PM

Updated: Sep 10, 2025, 7:28 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

9.2

exploitability

3.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

9.2

exploitability

3.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EaseUS Todo Backup Privilege Validation Vulnerability in eudskacs.sys Driver Allowing Arbitrary Disk I/O Operations

Vulnerability

Impact

Affected Products

EaseUS Todo Backup

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating