Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-57714

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-03 Oct, 2025 | 18:15
Updated At-26 Feb, 2026 | 17:48
Rejected At-
Credits

NetBak Replicator

An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:03 Oct, 2025 | 18:15
Updated At:26 Feb, 2026 | 17:48
Rejected At:
â–¼CVE Numbering Authority (CNA)
NetBak Replicator

An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
NetBak Replicator
Default Status
unaffected
Versions
Affected
  • From 4.5.x before 4.5.15.0807 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-428CWE-428
Type: CWE
CWE ID: CWE-428
Description: CWE-428
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233
CAPEC-69CAPEC-69
CAPEC ID: CAPEC-233
Description: CAPEC-233
CAPEC ID: CAPEC-69
Description: CAPEC-69
Solutions

We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later

Configurations
Workarounds
Exploits
Credits
finder
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-25-39
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-39
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:03 Oct, 2025 | 19:15
Updated At:08 Dec, 2025 | 15:42

An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
QNAP Systems, Inc.
qnap
>>netbak_replicator>>Versions from 4.5.0.0209(inclusive) to 4.5.15.0807(exclusive)
cpe:2.3:a:qnap:netbak_replicator:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-428Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-428
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-25-39security@qnapsecurity.com.tw
Vendor Advisory
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-39
Source: security@qnapsecurity.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

268Records found
CVE-2024-2747
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.22%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 17:12
Updated-23 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.

Action-Not Available
Vendor-
Product-easergy_studioEasergy Studioeasergy_studio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-25552
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.40%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 07:49
Updated-26 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wiesemann & Theis: Multiple products prone to unquoted search path

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.

Action-Not Available
Vendor-W&Twut
Product-OPC-ServerCom Redirector LegacyCom Redirector PnPopc-servercom-redirector
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25288
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 23:15
Updated-05 Feb, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.

Action-Not Available
Vendor-Wacom
Product-Wacom WTabletService
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-35899
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.04%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 16:14
Updated-03 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Action-Not Available
Vendor-n/aMicrosoft CorporationASUS (ASUSTeK Computer Inc.)
Product-windowsaura_ready_game_software_development_kitn/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-5012
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-16 Sep, 2023 | 20:31
Updated-02 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Topaz OFD Protection Module Warsaw core.exe unquoted search path

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability.

Action-Not Available
Vendor-topazevolutionTopaz
Product-ofdOFD
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-29320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.87%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 12:53
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Action-Not Available
Vendor-minitooln/a
Product-partition_wizardn/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-27095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.87%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 12:48
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Action-Not Available
Vendor-battleyen/a
Product-battleyen/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-27050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 22:11
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.

Action-Not Available
Vendor-bitcometn/aMicrosoft Corporation
Product-windowsbitcometn/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47847
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Disksorter
Product-Disk Sorter Server
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47780
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Macro Expert 4.7 - Unquoted Service Path

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup.

Action-Not Available
Vendor-macro-expertMacro-Expert
Product-macro_expertMacro Expert
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47804
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.

Action-Not Available
Vendor-Wisecleaner
Product-Wise Care
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47884
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-05 Mar, 2026 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-OKI
Product-Configuration Tool
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-0237
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 22:30
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rapid7 Insight Agent Privilege Escalation

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.

Action-Not Available
Vendor-Rapid7 LLC
Product-insight_agentInsight Agent
CWE ID-CWE-264
Not Available
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47889
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path

Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Softros Systems
Product-LAN Messenger
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47880
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.

Action-Not Available
Vendor-Realtek Semiconductor Corp.
Product-Realtek Wireless LAN Utility
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47883
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-05 Mar, 2026 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Sandboxie-Plus
Product-Sandboxie Plus
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47826
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that would run with elevated LocalSystem privileges.

Action-Not Available
Vendor-Acer Inc.
Product-Acer Backup Manager Module
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-45819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Action-Not Available
Vendor-wordlinen/a
Product-hidccemonitorsvcn/a
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found