Unquoted Windows Service Vulnerability in RAID Manager by Century Corporation
CVE-2025-59307

8.4HIGH

Key Information:

Vendor: Century Corporation
Status: Raid Manager
Vendor: CVE Published:; 17 September 2025

🔔 Create Century Corporation Vulnerability Alert

What is CVE-2025-59307?

RAID Manager from Century Corporation contains a security flaw due to an unquoted file path in its Windows service registration. This vulnerability allows any user with write permissions on the system drive's root directory to execute arbitrary code with SYSTEM privileges. Consequently, this can potentially compromise the integrity and security of the entire system, making it essential for users to be aware of this issue and apply necessary mitigations.

Affected Version(s)

RAID Manager supplied before September 1

RAID Manager 2025

References

https://www.century.co.jp/support/products-info/notice-r-...

https://jvn.jp/en/jp/JVN84697061/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 12, 2025