CVE-2025-64151 in FA-Panel6
Summary
by MITRE • 11/05/2025
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 11/05/2025
The vulnerability identified as CVE-2025-64151 affects multiple Roboticsware products developed by Roboticsware PTE. LTD. This security flaw stems from improper service registration practices within the Windows operating system environment. The core issue lies in the configuration of Windows services that are installed as part of these robotics applications, where the service executable paths are not properly quoted. This configuration creates a dangerous condition that can be exploited by malicious actors with limited system access.
When Windows services are registered without properly quoted file paths, the operating system follows a specific resolution process that can be manipulated by attackers. The Windows service control manager attempts to locate the service executable by searching through the directory structure using the path components as separate directory names. This means that if a service path is configured as "C:\Program Files\Roboticsware\service.exe" without quotes, Windows will first look for "C:\Program.exe" then "C:\Program Files\Roboticsware\service.exe". This behavior creates a privilege escalation vector when attacker-controlled executables are placed in directories that are searched before the legitimate service executable.
The technical exploitation of this vulnerability requires a user with write permissions on the root directory of the system drive, which is typically a high-privilege account. However, in many enterprise environments, certain user accounts may possess these permissions due to administrative oversights or default configurations. Once an attacker places a malicious executable in the root directory, the system will execute this code when the vulnerable service starts or restarts. Since Windows services typically run with SYSTEM privileges, the malicious code executes with the highest level of system access, enabling complete system compromise.
This vulnerability directly maps to CWE-428, which describes the weakness of unquoted service paths in Windows systems. The issue represents a classic privilege escalation scenario that aligns with ATT&CK technique T1068, which covers the exploitation of system privileges. The attack vector is particularly concerning in industrial control systems and robotics environments where these products are commonly deployed, as they often operate in critical infrastructure settings where system compromise can have severe operational and safety implications.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete control over the affected systems. In robotics environments, this could lead to unauthorized manipulation of robotic processes, potential safety hazards, and disruption of critical manufacturing or automation workflows. The vulnerability affects the fundamental security posture of Roboticsware products and requires immediate attention from system administrators and cybersecurity teams responsible for protecting these environments.
Organizations should implement immediate mitigations including proper quoting of service paths during installation, regular security audits of installed services, and privilege access reviews to ensure that only authorized users have write permissions on system root directories. Additionally, implementing application whitelisting policies and monitoring for suspicious service execution patterns can help detect and prevent exploitation attempts. Regular patch management and vendor communication are essential to address this vulnerability in affected Roboticsware products and prevent potential security breaches in critical infrastructure environments.