CVE-2025-66266

Vulnerability Description

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation

Related Weaknesses (CWE)

CWE-269

References

https://www.megatec.com.tw/software-download/

FAQ

What is CVE-2025-66266?

CVE-2025-66266 is a documented vulnerability. The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute ...

How severe is CVE-2025-66266?

CVSS scoring is not yet available for CVE-2025-66266. Check NVD for updates.

Is there a patch for CVE-2025-66266?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.