CVE-2025-62225
📋 TL;DR
Sony Optical Disc Archive Software registers a Windows service with an unquoted file path, allowing local attackers with write permissions on the system drive root directory to escalate privileges to SYSTEM by placing malicious executables in path gaps. This affects Windows systems running the vulnerable software.
💻 Affected Systems
- Sony Optical Disc Archive Software
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM privilege compromise leading to complete host takeover, data theft, and lateral movement capabilities.
Likely Case
Privilege escalation from a standard user to SYSTEM on affected workstations or servers.
If Mitigated
Limited impact if proper file permissions restrict write access to the system drive root directory.
🎯 Exploit Status
Exploitation requires local access and write permissions to system drive root. The vulnerability pattern (unquoted service paths) is well-known and easily exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version as specified in Sony advisory
Vendor Advisory: https://www.sony.jp/oda/application/?srsltid=AfmBOoo8t7k-alQo7ZnV2MAhq8qfIJtFOJN41U2Tu-B1yrpx3Y_KHurk
Restart Required: Yes
Instructions:
1. Download the latest version from Sony's Optical Disc Archive Software page.
2. Install the update following vendor instructions.
3. Restart the system to ensure service changes take effect.
🔧 Temporary Workarounds
Add quotes to service path
Windows: Manually add quotes around the service executable path in the Windows Registry
sc config "ServiceName" binPath= "\"C:\Program Files\Sony\ODA Software\oda.exe\""
Restart the service after making changes
Restrict write permissions to system drive root
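Windows: Remove write permissions for standard users on the root directory of the system drive. The (OI)(CI) flags make the deny entry apply to files and folders that inherit permissions from C:\ as well.
icacls C:\ /deny "Users:(OI)(CI)W"
icacls C:\ /deny "Authenticated Users:(OI)(CI)W"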
🧯 If You Can't Patch
- Restrict write permissions for standard users on the system drive root directory (C:\) using Windows permissions or Group Policy.
- Monitor for unauthorized file creation in the system drive root and for suspicious service execution events.
🔍 How to Verify
Check if Vulnerable:
Check whether Sony Optical Disc Archive Software is installed, then examine the service paths in the Registry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services) for unquoted paths containing spaces.
Check Version:
Check software version through Control Panel > Programs and Features or vendor-provided version check utility.
Verify Fix Applied:
Verify that the service path in the Registry has quotes around the full executable path, and check that the software version matches the patched version.
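The registry check described under "Check if Vulnerable", written as a read-only PowerShell audit. This is an added example, not Sony's or this site's script, and the function name Get-PathGapCandidates is an assumption introduced here. It lists every service whose ImagePath is unquoted and contains spaces, together with the locations Windows would try before the intended binary.

```powershell
# Added example: read-only audit of service ImagePath values.
function Get-PathGapCandidates {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('"')) { return }                 # already quoted
    # Executable portion: shortest prefix ending in ".exe" (arguments may follow).
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }                    # drivers (.sys) and similar
    $exe = $m.Groups['exe'].Value
    # Every space in an unquoted path is a point where Windows first tries
    # "<text before the space>.exe" before the intended binary.
    for ($i = 0; $i -lt $exe.Length; $i++) {
        if ($exe[$i] -eq ' ') { $exe.Substring(0, $i) + '.exe' }
    }
}

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -LiteralPath $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $img = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $img) { return }                          # key has no ImagePath value
    $gaps = @(Get-PathGapCandidates $img)
    if ($gaps.Count -eq 0) { return }                  # quoted, or no spaces in the path
    [pscustomobject]@{
        Service       = $_.PSChildName
        ImagePath     = $img
        PathGaps      = $gaps -join '; '
        # A file already sitting at one of these locations needs investigation.
        ExistingFiles = @($gaps | Where-Object { Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue }) -join '; '
    }
} | Format-List
```

After the quoting workaround or the vendor update is applied, the Sony service should no longer appear in the output.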
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Service Control Manager events (ID 7045) showing service path modifications
- Security logs: Unauthorized file creation in system drive root directory
Network Indicators:
- No network indicators - local privilege escalation only
SIEM Query:
(EventID=7045 AND (ServiceName contains "Sony" OR ServiceName contains "ODA")) OR (EventID=4663 AND ObjectName="C:\\*" AND Accesses="WriteData")