
CVE-2025-50892: n/a

High
Published: Wed Sep 10 2025 (09/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation.

AI-Powered Analysis

Last updated: 09/10/2025, 17:35:21 UTC

Technical Analysis

CVE-2025-50892 is a local privilege escalation vulnerability found in the eudskacs.sys driver version 20250328, which is shipped with EaseUs Todo Backup version 1.2.0.1. The vulnerability arises because the driver fails to properly validate privileges for I/O requests, specifically IRP_MJ_READ and IRP_MJ_WRITE, sent to its device object. This improper validation allows a low-privileged local attacker to perform arbitrary raw disk reads and writes. Exploiting this flaw, an attacker can access sensitive information stored on the disk, cause denial of service by corrupting disk data, or escalate their privileges on the affected system. The vulnerability is rooted in the driver's insufficient access control checks on critical I/O operations, which should normally be restricted to privileged users or system components. Since the driver operates at the kernel level, successful exploitation can compromise the confidentiality, integrity, and availability of the system. The attack requires local access to the machine but does not require user interaction beyond executing code with low privileges. There is no known exploit in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability was reserved in June 2025 and published in September 2025, indicating recent discovery and disclosure. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for affected users to apply mitigations or monitor for updates.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises relying on EaseUs Todo Backup 1.2.0.1 for data protection and backup operations. The ability for a low-privileged local attacker to read and write raw disk data can lead to exposure of sensitive corporate data, including intellectual property, personal data protected under GDPR, and critical system files. Denial of service attacks could disrupt backup and recovery operations, impacting business continuity. Privilege escalation could allow attackers to gain administrative control, facilitating further lateral movement and persistent access within corporate networks. This is particularly concerning for sectors with strict data protection requirements such as finance, healthcare, and government institutions. The local attack vector means that insider threats or attackers who gain initial footholds via phishing or other means could leverage this vulnerability to deepen their access. The absence of a patch increases the window of exposure, and organizations may face compliance risks if sensitive data is compromised. Overall, the vulnerability undermines the trustworthiness of backup solutions, which are critical for data integrity and disaster recovery strategies.

Mitigation Recommendations

Organizations should immediately audit their environments to identify installations of EaseUs Todo Backup version 1.2.0.1 with the vulnerable eudskacs.sys driver. Until a vendor patch is released, the following specific mitigations are recommended:

1) Restrict local user permissions to prevent untrusted users from executing code or accessing the driver interface.
2) Employ application whitelisting and endpoint protection to detect and block unauthorized attempts to interact with the driver.
3) Use host-based intrusion detection systems (HIDS) to monitor for suspicious raw disk I/O operations indicative of exploitation attempts.
4) Isolate backup servers and workstations running the vulnerable software from general user access to reduce risk of local attacks.
5) Regularly back up critical data using alternative methods or tools not affected by this vulnerability to ensure recovery capability.
6) Monitor vendor communications closely for patches or updates and plan for rapid deployment once available.
7) Conduct internal security awareness training to reduce risk of initial compromise that could lead to local exploitation.

These targeted steps go beyond generic advice by focusing on controlling local access to the vulnerable driver and monitoring for exploitation behaviors specific to raw disk I/O manipulation.
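
One way to carry out the audit step on a single Windows host, as an added example that is not part of the original advisory or the vendor's tooling. The function name and the search roots are assumptions; the page does not say how version 20250328 is encoded in the file's version resource, so the script reports the version fields for review instead of comparing them.

```powershell
# Added example: inventory copies of eudskacs.sys on the local host.
# Find-EudskacsDriver and the default search roots are hypothetical;
# adjust the roots to wherever the backup product is installed.
function Find-EudskacsDriver {
    param(
        [string[]]$SearchRoot = @(
            (Join-Path $env:SystemRoot 'System32\drivers'),
            $env:ProgramFiles,
            ${env:ProgramFiles(x86)}
        )
    )

    # Kernel driver services whose image path references the driver file.
    $services = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like '*eudskacs.sys*' }

    # Skip roots that are unset or missing (e.g. no x86 folder on 32-bit hosts).
    $roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($roots.Count -eq 0) { return }

    $files = Get-ChildItem -LiteralPath $roots -Filter 'eudskacs.sys' `
        -File -Recurse -ErrorAction SilentlyContinue

    foreach ($file in $files) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $svc = $services | Select-Object -First 1
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Path            = $file.FullName
            FileVersion     = $file.VersionInfo.FileVersion
            ProductVersion  = $file.VersionInfo.ProductVersion
            LastWriteTime   = $file.LastWriteTime
            SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            ServiceName     = $svc.Name      # empty if no driver service is registered
            ServiceState    = $svc.State     # Running means the device object is live
            StartMode       = $svc.StartMode
        }
    }
}

# One record per copy found; no output means the driver file is not present.
Find-EudskacsDriver | Format-List
```

A host where ServiceState is Running has the driver loaded and should be prioritised for the access restrictions and isolation listed above.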


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68c1b6cbe8f25095999e12eb

Added to database: 9/10/2025, 5:35:07 PM

Last enriched: 9/10/2025, 5:35:21 PM

Last updated: 9/10/2025, 5:35:21 PM
