Privilege Escalation Vulnerability in EaseUs Todo Backup Software
CVE-2025-50892

7.8HIGH

Key Information:

Vendor: EaseUS
Status: Todo Backup
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-50892?

The eudskacs.sys driver included in EaseUs Todo Backup version 1.2.0.1 is vulnerable due to improper validation of I/O request privileges. This flaw permits a low-privileged local attacker to execute unauthorized raw disk read and write operations. As a result, an attacker could potentially disclose sensitive information, disrupt service availability, or escalate their privileges within the system. Immediate review and remediation for affected users are recommended to prevent exploitation of this vulnerability.

References

http://easeus.com

https://gist.github.com/christopher-ellis-workday/756c998...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Jun 16, 2025

CVE-2025-50892 Data

JSON

EaseUS

What is CVE-2025-50892?

References

CVSS V3.1

Timeline