CVE-2025-9016

15.08.2025, 07:15

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDB	CNA	7 HIGH				CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-426 - Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

https://drive.proton.me/urls/7QYSEW6734#H3N4fQ3mw6gX

https://vuldb.com/?ctiid.320067

https://vuldb.com/?id.320067

https://vuldb.com/?submit.624900