JVNDB-2025-000078

[Japanese]
JVNDB-2025-000078
Century HW RAID Manager registers a Windows service with an unquoted file path
Overview
RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element (CWE-428) - CVE-2025-59307 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 6.7 (Medium) [IPA Score] Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Century Corporation RAID Manager
The products available on the vendor's site before September 1st, 2025 are affected.
Impact
A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Solution
[Update the Software] Update the software to the latest version according to the information provided by the developer. The vendor released the fixed version on September 1st, 2025.
Vendor Information
Century Corporation Century Corporation : Notice regarding vulnerability in Naked Intelligent Building Series RAID Manager (in Japanese)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-59307
References
JVN : JVN#84697061
Revision History
[2025/09/17] Web page was published

Century HW RAID Manager registers a Windows service with an unquoted file path