Home

Description

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

PUBLISHED Reserved 2026-01-11 | Published 2026-01-13 | Updated 2026-01-14 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

15.1.0.0
affected

Credits

bios finder

References

www.exploit-db.com/exploits/50886 (ExploitDB-50886) exploit

www.easeus.com/ (EaseUS Official Homepage) product

www.vulncheck.com/...very-ensserverexe-unquoted-service-path (VulnCheck Advisory: EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path) third-party-advisory

cve.org (CVE-2022-50914)

nvd.nist.gov (CVE-2022-50914)

Download JSON