
CVE-2025-12247: Unquoted Search Path in Hasleo Backup Suite

Severity: High
Published: Mon Oct 27 2025 (10/27/2025, 08:02:06 UTC)
Source: CVE Database V5
Vendor/Project: Hasleo
Product: Backup Suite

Description

A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised.

AI-Powered Analysis

Last updated: 11/03/2025, 08:33:47 UTC

Technical Analysis

CVE-2025-12247 is an unquoted search path weakness in Hasleo Backup Suite versions 5.0 through 5.2. The flaw resides within an unspecified function of the HasleoImageMountService or HasleoBackupSuiteService component. Unquoted search path vulnerabilities occur when a service or application executable path contains spaces but is not enclosed in quotes, allowing an attacker to place a malicious executable at a location that is tried before the legitimate one. This can lead to arbitrary code execution when the service starts or restarts.

The attack vector is local and requires the attacker to have low-level privileges on the system. The complexity is high, indicating that exploitation is not straightforward and may require specific conditions or knowledge. The CVSS 4.0 score of 7.3 reflects high severity, with a vector of local attack vector (AV:L), high attack complexity (AC:H), no user interaction (UI:N), and low privileges required (PR:L). The vulnerability affects confidentiality, integrity, and availability, as an attacker could execute code with elevated privileges or disrupt backup operations.

Although no exploits have been observed in the wild, proof-of-concept code has been publicly disclosed, increasing the risk of future exploitation. The recommended remediation is upgrading to a fixed version of Hasleo Backup Suite once available. In the interim, organizations should audit service executable paths for unquoted spaces and restrict local access to trusted users only.

Potential Impact

For European organizations, the impact of CVE-2025-12247 can be significant, especially for those relying on Hasleo Backup Suite for critical backup and recovery operations. Successful exploitation could allow a local attacker to execute arbitrary code with elevated privileges, potentially leading to unauthorized access to sensitive backup data, disruption of backup services, or further lateral movement within the network. This could compromise data confidentiality and integrity, and impact availability by disabling or corrupting backup processes. Sectors such as finance, healthcare, government, and critical infrastructure that depend on reliable backup solutions are particularly at risk. The local attack vector limits remote exploitation, but insider threats or attackers who have gained initial footholds could leverage this vulnerability to escalate privileges or persist within systems. The public availability of exploit code increases the urgency for mitigation to prevent exploitation in European environments.

Mitigation Recommendations

1. Upgrade Hasleo Backup Suite to the latest patched version as soon as it becomes available from the vendor.
2. In the interim, perform a thorough audit of all service executable paths related to Hasleo Backup Suite and its services to ensure that any paths containing spaces are properly quoted to prevent unquoted search path exploitation.
3. Restrict local system access to trusted administrators and users only, minimizing the risk of local attackers exploiting this vulnerability.
4. Implement application whitelisting to prevent unauthorized executables from running in directories that are part of the service search path.
5. Monitor system logs and backup service behavior for unusual activity that could indicate exploitation attempts.
6. Educate IT staff about the risks of unquoted search path vulnerabilities and the importance of secure service configuration.
7. Consider deploying endpoint detection and response (EDR) solutions capable of detecting suspicious local execution or privilege escalation attempts related to this vulnerability.
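One way to carry out the path audit in step 2, as an added example that is not code from the vendor or from this advisory: it lists, for each service with an unquoted path containing spaces, the earlier locations Windows would try, and reports whether a file already exists there. The function names are hypothetical and the sample path is constructed, since the page does not give the real Hasleo install path.

```powershell
# Added example (not vendor code). Function names are hypothetical.
function Get-UnquotedPathCandidate {
    # Emits the extra executable names Windows would try before the intended
    # binary when $PathName is unquoted and contains spaces; nothing if safe.
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return }                 # quoted: parsed unambiguously

    # Executable portion: everything up to the first ".exe" followed by a space or end.
    $m = [regex]::Match($p, '^(.*?\.exe)(?=\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $parts = $m.Groups[1].Value -split ' '
    if ($parts.Count -lt 2) { return }                 # no spaces: nothing to misparse

    for ($i = 0; $i -lt $parts.Count - 1; $i++) {
        if ($parts[$i] -eq '') { continue }            # skip doubled spaces
        ($parts[0..$i] -join ' ') + '.exe'
    }
}

function Test-ServicePath {
    # One finding per candidate; Exists = $true means a file already sits there.
    param([string]$Name, [string]$PathName, [string]$StartName)
    foreach ($c in Get-UnquotedPathCandidate -PathName $PathName) {
        [pscustomobject]@{
            Service   = $Name
            RunsAs    = $StartName
            ImagePath = $PathName
            Candidate = $c
            Exists    = Test-Path -LiteralPath $c -PathType Leaf
        }
    }
}

# Constructed sample: the real Hasleo install path is not given on the page.
Test-ServicePath -Name 'SampleSvc' -StartName 'LocalSystem' `
    -PathName 'C:\Program Files\Sample Vendor\svc.exe -run'

# Live audit of every registered service, Hasleo services listed first.
Get-CimInstance Win32_Service | Where-Object PathName |
    ForEach-Object { Test-ServicePath $_.Name $_.PathName $_.StartName } |
    Sort-Object { $_.Service -notlike 'Hasleo*' }, Service
```

Any row is a configuration finding to fix by quoting the service path or upgrading; a row with Exists set to true for a service running under a privileged account should be investigated immediately.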


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-26T05:18:20.122Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ff2ce08f87cfec3de104eb

Added to database: 10/27/2025, 8:27:12 AM

Last enriched: 11/3/2025, 8:33:47 AM

Last updated: 12/8/2025, 2:46:38 PM
