CVE-2024-22752 is an insecure permissions vulnerability identified in EaseUS MobiMover version 6.0.5 Build 21620. The core issue arises because the application installation directory has overly permissive access controls, allowing users with limited privileges to place and execute crafted executables within this directory. When the application or system processes launch executables from this location, an attacker can escalate their privileges by executing malicious code with higher system rights than originally granted. This vulnerability is classified under CWE-269 (Improper Privilege Management). The CVSS v3.1 base score is 8.1, indicating a high severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality and integrity (C:H/I:H), but no impact on availability (A:N). Although no public exploits have been reported, the vulnerability represents a significant risk due to the ease of exploitation and potential for attackers to gain unauthorized elevated access. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps.

The vulnerability allows attackers with limited privileges to escalate their access rights, potentially gaining administrative or system-level control over affected machines. This can lead to unauthorized access to sensitive data, modification or corruption of critical files, and the ability to bypass security controls. The confidentiality and integrity of systems running EaseUS MobiMover 6.0.5 are at significant risk. Organizations relying on this software for data transfer or backup may face increased exposure to insider threats or external attackers who gain initial footholds with low privileges. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once details become widely known. The impact is particularly severe in environments where EaseUS MobiMover is deployed on endpoints with sensitive data or critical operational roles.

Organizations should immediately audit and restrict permissions on the EaseUS MobiMover installation directory to prevent unauthorized write or execute access by non-administrative users. Implement application whitelisting to block execution of unauthorized binaries from the installation path. Monitor file system changes and execution logs for suspicious activity related to the MobiMover directory. Until an official patch is released, consider isolating or uninstalling the affected version in high-risk environments. Employ endpoint detection and response (EDR) tools to detect potential privilege escalation attempts. Educate users about the risks of running untrusted executables and maintain strict access controls on user accounts to limit privilege levels. Regularly check for updates from EaseUS and apply patches promptly once available.