CVE-2025-64151

6.7 MEDIUM

📋 TL;DR

This vulnerability allows local attackers with write permissions on the system drive root directory to escalate privileges to SYSTEM level by exploiting unquoted service paths in Roboticsware products. It affects users of Roboticsware software on Windows systems where the service installation directory is vulnerable.

💻 Affected Systems

Products:
  • Multiple Roboticsware products from Roboticsware PTE. LTD.
Versions: All versions prior to patches released in October 2025
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when Roboticsware services are installed with unquoted paths and users have write access to system drive root directories.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full SYSTEM privilege compromise allowing complete control over the affected system, installation of persistent backdoors, credential theft, and lateral movement within the network.

🟠 Likely Case

Local privilege escalation from a standard user account to SYSTEM privileges, enabling installation of malware, disabling security controls, or accessing protected system resources.

🟢 If Mitigated

Limited impact if proper access controls prevent unauthorized users from writing to system drive root directories and services run with minimal necessary privileges.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Internal attackers with standard user access can exploit this to gain SYSTEM privileges on affected workstations or servers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and write permissions to system drive root directory. The technique of exploiting unquoted service paths is well-documented and commonly used in privilege escalation attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions released after October 28, 2025

Vendor Advisory: https://www.roboticsware.com/dev-jp/2025/10/28/announcements-20251028/

Restart Required: Yes

Instructions:

  1. Check Roboticsware advisory for specific product updates.
  2. Download and install the latest version from official vendor sources.
  3. Restart affected systems to apply service changes.
  4. Verify services now use quoted paths.

🔧 Temporary Workarounds

Apply quoted service paths manually

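Manually update Roboticsware service configurations to use quoted file paths. Run the commands from an elevated Command Prompt (in Windows PowerShell, call sc.exe, because sc is an alias for Set-Content). Replace "ServiceName" and the path with the values reported by sc qc, and keep any arguments that follow the executable in the existing BINARY_PATH_NAME.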

sc config "ServiceName" binPath= "\"C:\Path\To\Service.exe\""
sc stop "ServiceName"
sc start "ServiceName"

Restrict write permissions to system drive root

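Remove write permissions for standard users on the system drive root directory. Run the command from an elevated Command Prompt. The (OI)(CI) flags make the deny entry inherit to files and subfolders that inherit permissions from the root, so check its effect on a test system before applying it widely.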

icacls C:\ /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from writing to system drive root directories
  • Monitor for suspicious service creation or modification events and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Roboticsware service configurations using: sc qc "ServiceName" and look for unquoted paths containing spaces in the BINARY_PATH_NAME field

Check Version:

Check Roboticsware product version through product interface or installed programs list

Verify Fix Applied:

Verify service paths are now quoted using: sc qc "ServiceName" and confirm BINARY_PATH_NAME is enclosed in quotes
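
The same check run across every installed service, together with the root-directory write condition this advisory names, as an added example that is not part of the original page or any vendor tooling. Test-UnquotedServicePath is a hypothetical helper name, and the script assumes service binaries end in .exe.

```powershell
# Added example: read-only audit, run in PowerShell on the Windows host.
function Test-UnquotedServicePath {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$ImagePath)
    $path = $ImagePath.Trim()
    if ($path.StartsWith('"')) { return $false }            # already quoted
    # Assumption: the service binary ends in ".exe"; the rest is arguments.
    if ($path -notmatch '^(.+?\.exe)(\s|$)') { return $false }
    return ($Matches[1] -match '\s')                          # space inside the exe path
}

# 1. Services whose PathName (BINARY_PATH_NAME in "sc qc") is unquoted and contains a space.
$findings = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath -ImagePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, State, PathName)

# 2. Identities other than SYSTEM, Administrators and TrustedInstaller that are allowed
#    to create files directly in the system drive root (deny entries are not evaluated).
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$root  = "$env:SystemDrive\"
$rules = (Get-Acl -Path $root).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$rootWriters = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.PropagationFlags -notmatch 'InheritOnly' -and        # ACE must apply to the root itself
    (([int]$_.FileSystemRights -band 0x2) -ne 0) -and        # 0x2 = CreateFiles / WriteData
    $trusted -notcontains $_.IdentityReference.Value
})

if ($findings.Count -eq 0) {
    Write-Output 'No unquoted service paths with spaces found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    if ($rootWriters.Count -gt 0) {
        Write-Warning "Non-admin identities can create files in $root while unquoted service paths exist:"
        $rootWriters | Select-Object @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights |
            Format-Table -AutoSize
    }
}
```

A service that no longer appears in the first table after patching or after the sc config workaround has a quoted path.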

📡 Detection & Monitoring

Log Indicators:

  • Windows Event ID 7045: Service installation with unquoted paths
  • Unexpected service creation or modification events
  • Process creation from system drive root directory by non-SYSTEM accounts

Network Indicators:

  • Unusual outbound connections from systems running Roboticsware services
  • Lateral movement attempts from previously non-privileged accounts

SIEM Query:

EventID=7045 AND (ServiceName contains "roboticsware" OR ImagePath contains "roboticsware")
