CVE-2025-66264

Vulnerability Description

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.

Related Weaknesses (CWE)

CWE-428

References

https://www.megatec.com.tw/software-download/

FAQ

What is CVE-2025-66264?

CVE-2025-66264 is a documented vulnerability. The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in th...

How severe is CVE-2025-66264?

CVSS scoring is not yet available for CVE-2025-66264. Check NVD for updates.

Is there a patch for CVE-2025-66264?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.