Unquoted File Path Vulnerability in FULLBACK Manager Pro by GS Yuasa International Ltd.
CVE-2025-66461

8.4HIGH

Key Information:

Vendor: Gs Yuasa International Ltd.
Status: Fullback Manager Pro (for Windows); Fullback Manager Pro For Network (for Windows)
Vendor: CVE Published:; 8 December 2025

🔔 Create Gs Yuasa International Ltd. Vulnerability Alert

What is CVE-2025-66461?

The FULLBACK Manager Pro software by GS Yuasa International Ltd. contains a security issue where two Windows services are registered with unquoted file paths. This flaw allows an authenticated user with write permissions to execute arbitrary code with SYSTEM privileges if they manipulate the path directory. Proper configuration and quoting of the file paths are essential to mitigate this risk and protect the system from potential exploitation.

Affected Version(s)

FULLBACK Manager Pro (for Windows) 4.00 and earlier

FULLBACK Manager Pro for Network (for Windows) 3.00 and earlier

References

https://ps.gs-yuasa.com/technicalinfo/pdf/failure/FMP_inf...

https://jvn.jp/en/jp/JVN59242986/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Dec 2, 2025

JSON