Search criteria
1 vulnerability by Hasleo
CVE-2025-12247 (GCVE-0-2025-12247)
Vulnerability from cvelistv5 – Published: 2025-10-27 08:02 – Updated: 2025-10-27 17:17
VLAI
Title
Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path
Summary
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329918 | vdb-entry |
| https://vuldb.com/?ctiid.329918 | signaturepermissions-required |
| https://vuldb.com/?submit.672549 | third-party-advisory |
| https://vuldb.com/?submit.672548 | third-party-advisory |
| https://github.com/lakshayyverma/CVE-Discovery/bl… | related |
| https://github.com/lakshayyverma/CVE-Discovery/bl… | exploit |
| https://www.easyuefi.com/backup-software/download… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hasleo | Backup Suite |
Affected:
5.0
Affected: 5.1 Affected: 5.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12247",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T17:15:29.471103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T17:17:57.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HasleoImageMountService/HasleoBackupSuiteService"
],
"product": "Backup Suite",
"vendor": "Hasleo",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lakshay12311 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised."
},
{
"lang": "de",
"value": "In Hasleo Backup Suite up to 5.2 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente HasleoImageMountService/HasleoBackupSuiteService. Durch Manipulieren mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie gilt als schwierig ausnutzbar. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Upgrade der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T08:02:06.216Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329918 | Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.329918"
},
{
"name": "VDB-329918 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329918"
},
{
"name": "Submit #672549 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.672549"
},
{
"name": "Submit #672548 | Hasleo Software Hasleo Backup Suite 5.2 Unquoted Search Path (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.672548"
},
{
"tags": [
"related"
],
"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md"
},
{
"tags": [
"patch"
],
"url": "https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T06:23:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12247",
"datePublished": "2025-10-27T08:02:06.216Z",
"dateReserved": "2025-10-26T05:18:20.122Z",
"dateUpdated": "2025-10-27T17:17:57.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}