CVE-2025-66269 is a vulnerability classified under CWE-428 (Unquoted Search Path or Element) found in MegaTec Taiwan's UPSilon 2000 V6.0.5 software. The vulnerability affects two services, RupsMon and USBMate, which run with SYSTEM privileges on Windows systems. These services have unquoted service paths, meaning the executable paths contain spaces but are not enclosed in quotation marks. This misconfiguration allows a local attacker who has write permissions to directories higher in the path hierarchy to place a malicious executable that could be executed with SYSTEM privileges when the service starts or restarts. This form of path interception can lead to privilege escalation from a lower privileged user to SYSTEM, compromising the entire system's confidentiality, integrity, and availability. The CVSS 4.0 base score is 7.1 (high), reflecting the ease of exploitation given local access and the significant impact of SYSTEM-level compromise. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring privileges (PR:L) and partial user interaction (AT:P) is not needed. The vulnerability has not been reported exploited in the wild yet, but the risk is substantial due to the critical nature of the affected services managing UPS hardware. No patches are currently linked, so mitigation requires manual intervention or vendor updates. The vulnerability is particularly relevant to environments where UPSilon 2000 is deployed for uninterruptible power supply management, often critical infrastructure in industrial, healthcare, and data center environments.

For European organizations, this vulnerability poses a significant risk especially to those relying on UPSilon 2000 for managing uninterruptible power supplies in critical infrastructure such as hospitals, manufacturing plants, data centers, and utilities. Successful exploitation allows local attackers to escalate privileges to SYSTEM, potentially leading to full system compromise, disruption of power management, and cascading failures in dependent systems. This can result in downtime, data loss, and operational disruption. The confidentiality of sensitive operational data could be compromised, and integrity of power management controls could be undermined, risking physical damage or safety incidents. Given the critical role of UPS systems in maintaining power continuity, this vulnerability could have severe consequences for availability and safety. European organizations with complex IT environments and multiple users with local access are particularly vulnerable if directory permissions are not tightly controlled. The lack of known exploits in the wild provides a window for proactive mitigation, but the high severity score demands urgent attention.

1. Immediately audit and correct the service executable paths for RupsMon and USBMate services to ensure all paths are properly quoted to prevent path interception. 2. Restrict write permissions on all directories leading up to the service executable locations to trusted administrators only, preventing unauthorized users from placing malicious executables. 3. Implement strict local user privilege management to minimize the number of users with write access to system directories. 4. Monitor system logs and service start events for unusual activity that may indicate exploitation attempts. 5. If vendor patches become available, prioritize their deployment in all affected environments. 6. Consider isolating UPSilon 2000 management systems from general user workstations to reduce local attack surface. 7. Conduct regular security training for administrators on the risks of unquoted service paths and privilege escalation techniques. 8. Employ application whitelisting to prevent unauthorized executables from running in critical directories. 9. Use endpoint detection and response (EDR) tools to detect suspicious local privilege escalation behaviors. 10. Document and test incident response plans specifically for UPS management system compromises.