Published:2025/09/05  Last Updated:2025/09/05

JVN#98737186
RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path

Overview

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path.

Products Affected

  • RATOC RAID Monitoring Manager for Windows versions prior to Ver.2.00.09.250820

Description

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability.

  • Unquoted search path or element (CWE-428)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
    • CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7
    • CVE-2025-58400

Impact

A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2025-58400
JVN iPedia JVNDB-2025-000073