CVE-2025-9016

7.0 HIGH

📋 TL;DR

This vulnerability in Mechrevo Control Center allows local attackers to exploit an uncontrolled search path (DLL hijacking) in the PowerShell Script Handler component. Attackers with local access could potentially execute arbitrary code with elevated privileges. Only users running the specific affected software version are impacted.

💻 Affected Systems

Products:
  • Mechrevo Control Center GX
Versions: V2 5.56.51.48
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the specific vulnerable version installed. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, installation of persistent malware, or data exfiltration.

🟠 Likely Case

Local attacker gains elevated privileges to install unwanted software, modify system settings, or access restricted data.

🟢 If Mitigated

Limited impact due to proper access controls, application whitelisting, and restricted local user privileges.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers on compromised systems could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit details are publicly available but exploitation requires local access and specific conditions. Attack complexity is rated as high.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

Check the Mechrevo website for an updated version. If one is available, download and install the latest Control Center version.

🔧 Temporary Workarounds

Restrict PowerShell Execution

windows

Configure PowerShell execution policy to restrict script execution

Set-ExecutionPolicy Restricted -Scope LocalMachine

Remove Vulnerable Component

windows

Uninstall or disable the vulnerable Control Center component

🧯 If You Can't Patch

  • Implement strict local user privilege restrictions
  • Enable application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check if C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command exists and verify Control Center version is 5.56.51.48

Check Version:

Check Control Center About section or examine installed programs list

Verify Fix Applied:

Verify Control Center version is updated beyond 5.56.51.48 or vulnerable component is removed

📡 Detection & Monitoring

Log Indicators:

  • Unusual PowerShell script execution from Control Center directory
  • Process creation from suspicious locations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Process creation where parent process contains 'ControlCenter' and child process is powershell.exe from unusual paths
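
The SIEM query above, expressed as detection logic over process-creation records (an added example, not part of the original advisory). It assumes Sysmon-style `ParentImage` and `Image` fields, reads "unusual paths" as any directory other than the standard Windows PowerShell locations on C:, and runs over constructed sample events with a placeholder parent executable name.

```python
import ntpath

# Standard locations of the genuine Windows PowerShell binary (assumes Windows on C:).
EXPECTED_PS_DIRS = {
    r"c:\windows\system32\windowspowershell\v1.0",
    r"c:\windows\syswow64\windowspowershell\v1.0",
}

def norm(path):
    """Lower-case, unquote and collapse '..' so path tricks do not evade matching."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def is_suspicious(event):
    """True when a Control Center parent starts powershell.exe from a non-standard directory."""
    parent = norm(event.get("ParentImage", ""))
    image = norm(event.get("Image", ""))
    if "controlcenter" not in parent:
        return False
    if ntpath.basename(image) != "powershell.exe":
        return False
    return ntpath.dirname(image) not in EXPECTED_PS_DIRS

def flag_events(events):
    """Return the ids of the events that match the rule."""
    return [e["id"] for e in events if is_suspicious(e)]

# Constructed sample events; "Vendor" and "Host.exe" are placeholders, not real names.
CC = r"C:\Program Files\OEM\Vendor\AiStoneService\MyControlCenter\Host.exe"
SAMPLE_EVENTS = [
    # Genuine PowerShell started by Control Center: expected behaviour, not flagged.
    {"id": 1, "ParentImage": CC,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # powershell.exe in a user-writable directory: flagged.
    {"id": 2, "ParentImage": CC, "Image": r"C:\Users\Public\powershell.exe"},
    # Same image but an unrelated parent: outside this rule's scope.
    {"id": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\Public\powershell.exe"},
    # Traversal and mixed case that resolve to C:\Windows\Temp: flagged.
    {"id": 4, "ParentImage": CC,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\..\..\..\Temp\PowerShell.EXE"},
    # Different child process: not covered by this rule.
    {"id": 5, "ParentImage": CC, "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```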
