
CVE-2025-64151: Unquoted search path or element in Roboticsware PTE. LTD. FA-Panel6

Severity: Medium
Published: Wed Nov 05 2025 (11/05/2025, 06:19:25 UTC)
Source: CVE Database V5
Vendor/Project: Roboticsware PTE. LTD.
Product: FA-Panel6

Description

Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

AI-Powered Analysis

Last updated: 11/12/2025, 08:04:30 UTC

Technical Analysis

CVE-2025-64151 affects Roboticsware PTE. LTD.'s FA-Panel6, versions Rev17 and earlier. The root cause is that the product registers Windows services with unquoted file paths. When a service executable path contains spaces and is not enclosed in quotes, Windows cannot tell where the executable name ends and its arguments begin, so it tries each space-delimited prefix of the path in turn, and an executable found at one of those earlier locations runs instead of the intended binary. Specifically, a user with write permissions on the root directory of the system drive (commonly C:\) can place a malicious executable there that the service will execute with SYSTEM privileges during service startup or restart. The result is privilege escalation from a user with write access to SYSTEM-level code execution.

The vulnerability requires the attacker to have write permissions on the root of the system drive, which is a high privilege but can be possible in misconfigured environments or through other chained exploits. The CVSS 3.0 score of 6.7 reflects the medium severity: a local attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild yet.

The vulnerability affects critical industrial automation software, which may be deployed in manufacturing and process control environments. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for interim mitigations.

Potential Impact

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors using Roboticsware's FA-Panel6, this vulnerability poses a significant risk. Exploitation can lead to full SYSTEM-level compromise, allowing attackers to manipulate control systems, disrupt operations, steal sensitive data, or cause safety hazards. Given the high impact on confidentiality, integrity, and availability, successful exploitation could result in operational downtime, financial losses, regulatory penalties, and damage to reputation. The requirement for write access to the system drive root limits the attack surface but does not eliminate risk, particularly in environments with insufficient access controls or insider threats. Additionally, the vulnerability could be leveraged as part of a multi-stage attack chain to escalate privileges after initial access. The absence of known exploits reduces immediate risk but should not lead to complacency. European organizations must assess their exposure, especially those with Roboticsware deployments in critical sectors.

Mitigation Recommendations

1. Immediately audit and restrict write permissions on the root directory of the system drive (e.g., C:\) to prevent unauthorized users from placing executables there.
2. If possible, upgrade Roboticsware FA-Panel6 to a version later than Rev17 once patches are released.
3. As an interim measure, manually inspect and correct service registrations to ensure all executable paths are properly quoted. This can be done using tools like 'sc qc' or registry inspection under HKLM\SYSTEM\CurrentControlSet\Services.
4. Implement application whitelisting to prevent unauthorized executables from running, especially from the system drive root.
5. Monitor system logs and service start events for unusual behavior or unauthorized service modifications.
6. Employ endpoint detection and response (EDR) solutions to detect suspicious activity related to service execution or privilege escalation attempts.
7. Educate system administrators about the risks of misconfigured permissions and unquoted service paths.
8. Limit administrative privileges and enforce the principle of least privilege to reduce the likelihood of an attacker gaining write access to critical directories.
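The registry inspection in step 3, combined with the permission audit in step 1, as an added example that is not code from this page or from the vendor. It audits every registered service rather than only FA-Panel6, because the page does not name the affected services; the helper name `Get-UnquotedPathReviewDirs` and the sample path are assumptions.

```powershell
# Added example: read-only audit of service ImagePath values (run elevated).
function Get-UnquotedPathReviewDirs {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ImagePath)

    $path = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    # Quoted paths are unambiguous. Driver entries (\SystemRoot\..., system32\...)
    # do not start with a drive letter and are skipped.
    if ($path.StartsWith('"') -or $path -notmatch '^[A-Za-z]:\\') { return }

    # Executable portion: everything up to the first ".exe" followed by a space or end.
    $m = [regex]::Match($path, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups[1].Value

    # Every space inside the executable path is a point where Windows may stop
    # parsing. The directory holding each such prefix must not be user-writable.
    $dirs = @()
    $idx = $exe.IndexOf(' ')
    while ($idx -ge 0) {
        $dirs += [System.IO.Path]::GetDirectoryName($exe.Substring(0, $idx))
        $idx = $exe.IndexOf(' ', $idx + 1)
    }
    $dirs | Select-Object -Unique
}

# Constructed sample value, not taken from the product:
Get-UnquotedPathReviewDirs 'C:\Program Files\Example Vendor\svc.exe -run'

# Live audit of every registered service on this host.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ip = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $ip) { return }
        $dirs = @(Get-UnquotedPathReviewDirs -ImagePath $ip)
        if ($dirs.Count -gt 0) {
            [pscustomobject]@{
                Service    = $_.PSChildName
                ImagePath  = $ip
                ReviewAcls = $dirs -join '; '
            }
        }
    }
```

Each directory listed under `ReviewAcls` should then be checked with `icacls` or `Get-Acl` for write access granted to non-administrative users, and the flagged `ImagePath` values quoted.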


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-10-28T07:50:55.961Z
Cvss Version: 3.0
State: PUBLISHED

Threat ID: 690aee14063e7c5f011b5840

Added to database: 11/5/2025, 6:26:28 AM

Last enriched: 11/12/2025, 8:04:30 AM

Last updated: 12/19/2025, 11:28:13 PM
