Search criteria
2 vulnerabilities found for EaseUS Data Recovery by EaseUS
CVE-2022-50914 (GCVE-0-2022-50914)
Vulnerability from nvd – Published: 2026-01-13 22:51 – Updated: 2026-01-14 16:06
VLAI?
Title
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
Summary
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EaseUS | EaseUS Data Recovery |
Affected:
15.1.0.0
|
Credits
bios
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:06:27.175702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:06:40.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EaseUS Data Recovery",
"vendor": "EaseUS",
"versions": [
{
"status": "affected",
"version": "15.1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "bios"
}
],
"descriptions": [
{
"lang": "en",
"value": "EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:51:52.098Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50886",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50886"
},
{
"name": "EaseUS Official Homepage",
"tags": [
"product"
],
"url": "https://www.easeus.com/"
},
{
"name": "VulnCheck Advisory: EaseUS Data Recovery - \u0027ensserver.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easeus-data-recovery-ensserverexe-unquoted-service-path"
}
],
"title": "EaseUS Data Recovery - \u0027ensserver.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50914",
"datePublished": "2026-01-13T22:51:52.098Z",
"dateReserved": "2026-01-11T13:14:18.876Z",
"dateUpdated": "2026-01-14T16:06:40.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50914 (GCVE-0-2022-50914)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-01-14 16:06
VLAI?
Title
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
Summary
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EaseUS | EaseUS Data Recovery |
Affected:
15.1.0.0
|
Credits
bios
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:06:27.175702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:06:40.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EaseUS Data Recovery",
"vendor": "EaseUS",
"versions": [
{
"status": "affected",
"version": "15.1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "bios"
}
],
"descriptions": [
{
"lang": "en",
"value": "EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:51:52.098Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50886",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50886"
},
{
"name": "EaseUS Official Homepage",
"tags": [
"product"
],
"url": "https://www.easeus.com/"
},
{
"name": "VulnCheck Advisory: EaseUS Data Recovery - \u0027ensserver.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easeus-data-recovery-ensserverexe-unquoted-service-path"
}
],
"title": "EaseUS Data Recovery - \u0027ensserver.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50914",
"datePublished": "2026-01-13T22:51:52.098Z",
"dateReserved": "2026-01-11T13:14:18.876Z",
"dateUpdated": "2026-01-14T16:06:40.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}