CVE-2025-9818

Published: Sep 17, 2025Modified: Sep 17, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: bba440f9-ef23-4224-aa62-7ac0935d18d1 (Secondary)

Description

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://www.omron.com/global/en/inquiry/vulnerability_information/OMSR-2025-005_en.pdf

Source: bba440f9-ef23-4224-aa62-7ac0935d18d1

https://www.omron.com/jp/ja/inquiry/vulnerability_information/OMSR-2025-005_ja.pdf

Source: bba440f9-ef23-4224-aa62-7ac0935d18d1

Timeline

No history available yet.