CVE-2025-66265

Vulnerability Description

CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files (such as snmp.conf) or hijack DLLs to escalate privileges.

Related Weaknesses (CWE)

CWE-269

References

https://www.megatec.com.tw/software-download/

FAQ

What is CVE-2025-66265?

CVE-2025-66265 is a documented vulnerability. CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files (such a...

How severe is CVE-2025-66265?

CVSS scoring is not yet available for CVE-2025-66265. Check NVD for updates.

Is there a patch for CVE-2025-66265?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.