CVE-2025-9818 | THREATINT

Description

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces.

PUBLISHED Reserved 2025-09-02 | Published 2025-09-17 | Updated 2025-09-17 | Assigner OMRON

MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-428 Unquoted Search Path or Element

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

References

www.omron.com/...nerability_information/OMSR-2025-005_ja.pdf

www.omron.com/...nerability_information/OMSR-2025-005_en.pdf

cve.org (CVE-2025-9818)

nvd.nist.gov (CVE-2025-9818)

Download JSON