Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-428 (未经引用的搜索路径或元素) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
Mitigations (3)
ImplementationProperly quote the full search path before executing a program on the system.
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
ImplementationInputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2023-53912 USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation — USB Flash Drives Control 6.2 Medium2025-12-17
CVE-2025-34499 AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability — AnyDesk 7.8AIHighAI2025-12-11
CVE-2024-58288 Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation — Genexus Protection Server 6.7AIMediumAI2025-12-11
CVE-2025-66271 ELECOM Clone 代码问题漏洞 — Clone for Windows 7.8AIHighAI2025-12-09
CVE-2025-66461 GS Yuasa International FULLBACK Manager Pro 代码问题漏洞 — FULLBACK Manager Pro (for Windows) 7.8AIHighAI2025-12-08
CVE-2020-36879 Flexsense DiskBoss Service Unquoted Service Path Vulnerability — DiskBoss 9.8 -2025-12-05
CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution — VeeVPN 8.8AIHighAI2025-12-04
CVE-2025-66269 Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM — UPSilon2000V6.0 7.8AIHighAI2025-11-26
CVE-2025-66264 Unquoted Service path in UPSilon2000V6.0 SYSTEM privilege service — ClientMate 7.8AIHighAI2025-11-26
CVE-2025-13433 Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path — MuseHub 7.0 High2025-11-20
CVE-2025-10714 AXIS OS 安全漏洞 — AXIS Optimizer 8.4 High2025-11-11
CVE-2025-62225 Sony Optical Disc Archive Software 代码问题漏洞 — Optical Disc Archive Software (for Windows) 7.8 -2025-11-05
CVE-2025-64151 Roboticsware多款产品 代码问题漏洞 — FA-Panel6 7.8 -2025-11-05
CVE-2025-12507 Insecure service configuration – unquoted path — _connect.BRAIN 8.8 High2025-10-31
CVE-2025-12286 VeePN AVService avservice.exe unquoted search path — VeePN 7.0 High2025-10-27
CVE-2025-12247 Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path — Backup Suite 7.0 High2025-10-27
CVE-2025-61865 I-O DATA I‑O DATA NarSuS App 代码问题漏洞 — NarSuS App 7.8AIHighAI2025-10-23
CVE-2025-61871 Buffalo NAS Navigator2 代码问题漏洞 — NAS Navigator2 (Windows version only) 7.8AIHighAI2025-10-10
CVE-2025-57714 NetBak Replicator — NetBak Replicator 6.7AIMediumAI2025-10-03
CVE-2025-43993 Dell Wireless 5932e 代码问题漏洞 — Wireless 5932e 7.8 High2025-09-25
CVE-2025-54081 SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution — Sunshine 6.7 Medium2025-09-23
CVE-2025-59307 Century Corporation RAID Manager 代码问题漏洞 — RAID Manager 7.8AIHighAI2025-09-17
CVE-2025-9818 Vulnerability caused by unquoted file paths of Windows services registered by the Uninterruptible Power Supply (UPS) management application — PowerAttendant Standard Edition 6.7 Medium2025-09-17
CVE-2025-58400 RATOC RAID Monitoring Manager for Windows 代码问题漏洞 — RATOC RAID Monitoring Manager for Windows 7.8AIHighAI2025-09-05
CVE-2025-5191 Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows) — Utility for DRP-A100 Series 7.8AIHighAI2025-08-25
CVE-2025-57699 Western Digital Kitfox for Windows 代码问题漏洞 — Western Digital Kitfox for Windows 7.8 -2025-08-22
CVE-2025-9043 Seagate Toolkit 安全漏洞 — Toolkit 6.7AIMediumAI2025-08-14
CVE-2025-8070 Windows service registered with an unquoted ImagePath vulnerability in the system registry — ABP and AES 7.8 -2025-07-23
CVE-2025-0035 AMD Cloud Manageability Service 安全漏洞 — AMD Cloud Manageability Service 7.3 High2025-05-13
CVE-2024-36321 AMD AIM-T Manageability Service 安全漏洞 — AIM-T Manageability Service 7.3 High2025-05-13

Vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.