CVE-2025-12247
📋 TL;DR
This CVE describes an unquoted search path vulnerability in Hasleo Backup Suite services (HasleoImageMountService/HasleoBackupSuiteService) up to version 5.2. Attackers with local access could potentially execute arbitrary code by placing malicious executables in paths the services search for dependencies. The vulnerability affects all users of Hasleo Backup Suite versions up to 5.2.
💻 Affected Systems
- Hasleo Backup Suite
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to SYSTEM/root-level code execution, allowing complete system compromise and persistence.
Likely Case
Local authenticated user could execute arbitrary code with elevated privileges, potentially installing malware or stealing data.
If Mitigated
With proper access controls and monitoring, impact limited to alerting on suspicious service behavior.
🎯 Exploit Status
Exploit requires local access and specific conditions to manipulate search paths. Attack complexity rated as high in CVE description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 5.2
Vendor Advisory: Not provided in CVE references
Restart Required: Yes
Instructions:
1. Download latest version from Hasleo website
2. Uninstall current version
3. Install updated version
4. Restart system to ensure services are updated
🔧 Temporary Workarounds
Restrict local access
Windows: Limit local user access to systems running Hasleo Backup Suite
Monitor service behavior
Windows: Implement monitoring for unusual service executions or file creations
🧯 If You Can't Patch
- Remove Hasleo Backup Suite from critical systems
- Implement strict access controls and monitoring for affected systems
🔍 How to Verify
Check if Vulnerable:
Check the Hasleo Backup Suite version in Control Panel > Programs and Features. If the version is 5.2 or earlier, the system is vulnerable.
Check Version:
wmic product where name="Hasleo Backup Suite" get version
Verify Fix Applied:
Verify that the installed version is greater than 5.2 and check that the services are running updated versions.
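A version number alone does not show how the services are registered. The PowerShell below is an added example, not code from the vendor or the original advisory: it reads the registered path of the two services named in the CVE and reports whether the executable path contains spaces without surrounding quotes. The function name and the sample paths are assumptions made for illustration.

```powershell
# Added example (not vendor code). Service names come from the CVE text;
# the sample paths below are constructed and are NOT the product's real paths.
$ServiceNames = 'HasleoImageMountService', 'HasleoBackupSuiteService'

function Test-UnquotedServicePath {
    # True when the executable portion of a service PathName contains a space
    # and the value does not start with a double quote.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }        # quoted: parsed unambiguously
    # Isolate the path up to the first ".exe" so that spaces which only
    # separate command-line arguments are not counted.
    if ($p -match '^(.*?\.exe)') { return $Matches[1].Contains(' ') }
    return $false                                    # no .exe found: out of scope here
}

# Constructed samples showing what the check flags.
$samples = @(
    'C:\Program Files\Example Vendor\Example App\svc.exe'         # flagged
    '"C:\Program Files\Example Vendor\Example App\svc.exe" -run'  # quoted, not flagged
    'C:\Windows\System32\svchost.exe -k netsvcs'                  # no space in path, not flagged
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live check of the services named in the CVE on the local host.
$filter = ($ServiceNames | ForEach-Object { "Name='$_'" }) -join ' OR '
$found  = @(Get-CimInstance -ClassName Win32_Service -Filter $filter)
if ($found.Count -eq 0) { 'Hasleo services not found on this host.' }
$found |
    Select-Object Name, State, StartName, PathName,
        @{ Name = 'UnquotedPath'; Expression = { Test-UnquotedServicePath $_.PathName } } |
    Format-List
```

After updating, rerun the check: UnquotedPath should read False for both services.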
📡 Detection & Monitoring
Log Indicators:
- Unusual service executions from unexpected paths
- File creation in service directories by non-service accounts
Network Indicators:
- Local service communication anomalies
SIEM Query:
EventID=4688 AND (ProcessName LIKE "%Hasleo%" OR CommandLine CONTAINS "Hasleo") AND NOT (ImagePath LIKE "%Program Files%Hasleo%")
🔗 References
- https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md
- https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md
- https://vuldb.com/?ctiid.329918
- https://vuldb.com/?id.329918
- https://vuldb.com/?submit.672548
- https://vuldb.com/?submit.672549
- https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe