CVE-2025-12247

high

Description

A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.

References

https://www.easyuefi.com/backup-software/downloads/Hasleo_Backup_Suite_Free.exe

https://vuldb.com/?submit.672549

https://vuldb.com/?submit.672548

https://vuldb.com/?id.329918

https://vuldb.com/?ctiid.329918

https://github.com/lakshayyverma/CVE-Discovery/blob/main/Hasleo%20Backup%20Suite%20ImageMountService.md

https://github.com/lakshayyverma/CVE-Discovery/blob/main/Halseo%20Backupservice.md

Details

Source: Mitre, NVD

Published: 2025-10-27

Updated: 2025-10-27

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 7.3

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00011