CVE-2025-62225 is a vulnerability identified in Sony Corporation's Optical Disc Archive Software for Windows, versions 1.0.0 through 5.5.2. The root cause is an unquoted search path or element in the Windows service registration process. Specifically, the software registers a Windows service with a file path that is not enclosed in quotes. In Windows, if a service path contains spaces and is unquoted, the system may interpret the path incorrectly, potentially allowing an attacker to place a malicious executable in a higher priority path segment. This vulnerability can be exploited by a user who has write permissions on the root directory of the system drive (typically C:\). By placing a crafted executable in this location, the attacker can achieve arbitrary code execution with SYSTEM-level privileges when the service starts or restarts. The CVSS 3.0 base score is 6.7, indicating a medium severity level. The vector indicates that the attack requires local access (AV:L), low attack complexity (AC:L), privileges required are high (PR:H), no user interaction (UI:N), and the impact is high on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits have been reported in the wild as of the publication date. The vulnerability is significant because SYSTEM privileges allow full control over the affected system, enabling attackers to install persistent malware, exfiltrate sensitive data, or disrupt operations. The vulnerability is particularly relevant for environments where multiple users have write access to the system drive root or where endpoint security controls are lax. Since the affected software is specialized archival software, the exposure is limited to organizations using this product, often in media, data storage, or archival sectors.

For European organizations, this vulnerability poses a risk of full system compromise on machines running the affected Sony Optical Disc Archive Software. The impact includes unauthorized access to sensitive archival data, potential disruption of archival services, and the possibility of lateral movement within networks if attackers gain SYSTEM privileges. Organizations in media production, broadcasting, and data preservation sectors are particularly vulnerable due to their reliance on this software. The compromise of archival systems could lead to data loss, intellectual property theft, and operational downtime. Given the high impact on confidentiality, integrity, and availability, attackers exploiting this vulnerability could severely disrupt business continuity and damage organizational reputation. The requirement for local access and high privileges somewhat limits remote exploitation but insider threats or compromised user accounts could leverage this vulnerability. Additionally, the lack of user interaction needed facilitates automated exploitation once local access is obtained.

1. Immediately audit and restrict write permissions on the root directory of the system drive to prevent unauthorized users from placing executables there. 2. Monitor and review Windows service configurations for unquoted paths and correct them by quoting the executable paths properly. 3. Apply any available patches or updates from Sony Corporation as soon as they are released. 4. Implement strict endpoint protection controls to limit local privilege escalation opportunities, including application whitelisting and behavior monitoring. 5. Use least privilege principles to restrict user permissions, especially on systems running the affected software. 6. Regularly scan systems for unauthorized files in critical directories such as the system drive root. 7. Employ network segmentation to isolate archival systems and reduce the risk of lateral movement. 8. Educate system administrators and users about the risks of local privilege escalation vulnerabilities and the importance of secure file system permissions.