Unquoted Windows Service Path Vulnerability in RATOC RAID Monitoring Manager
CVE-2025-58400

8.4HIGH

Key Information:

Vendor: Ratoc Systems, Inc.
Status: Ratoc Raid Monitoring Manager For Windows
Vendor: CVE Published:; 5 September 2025

🔔 Create Ratoc Systems, Inc. Vulnerability Alert

What is CVE-2025-58400?

RATOC RAID Monitoring Manager for Windows contains a security flaw where it registers a Windows service with an unquoted file path. This configuration allows users with write permissions on the root directory of the system drive to potentially execute arbitrary code with SYSTEM privileges. As a result, unauthorized users could exploit this weakness to compromise system integrity, making it essential to address this vulnerability promptly to safeguard sensitive data and ensure operational security.

Affected Version(s)

RATOC RAID Monitoring Manager for Windows prior to Ver.2.00.09.250820

References

https://www.ratocsystems.com/topics/userinfo/raidmanager2...

https://www.ratocsystems.com/dlsoft/dlsoft_storage/dlsoft...

https://jvn.jp/en/jp/JVN98737186/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Aug 31, 2025