CVE-2025-62225

Nov. 6, 2025, 7:45 p.m.

8.4
High

Description

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Product(s) Impacted

Product Versions
optical_disc_archive_software
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

https://jvn.jp/en/jp/JVN81917433/
https://www.sony.jp/oda/application/?srsltid=AfmBOoo8t7k-alQo7ZnV2MAhq8qfIJtFOJN41U2Tu-B1yrpx3Y_KHurk

Tags

vultures@jpcert.or.jp
CWE-428
2025-11-05
CVE-2025-62225

CVSS Score

8.4 / 10

CVSS Data - 4.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Nov. 5, 2025, 7:15 a.m.
Last Modified: Nov. 6, 2025, 7:45 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.