CVE-2025-9016 is a high-severity vulnerability affecting Mechrevo Control Center GX V2 version 5.56.51.48. The flaw resides in the Powershell Script Handler component, specifically within a file located at C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command. The vulnerability is characterized as an uncontrolled search path issue, which means that the software improperly handles the directories it searches for executable or script files. This can lead to the execution of malicious code if an attacker can place a crafted file in a location that the application searches before the legitimate one. Exploitation requires local access to the system, and the attack complexity is rated as high, indicating that successful exploitation demands significant skill or conditions. The vulnerability does not require user interaction and does not allow privilege escalation beyond the current user level, but it impacts confidentiality, integrity, and availability at a high level. The CVSS 4.0 score is 7.3, reflecting these factors. Although no public exploits are currently known in the wild, the vulnerability has been disclosed publicly, which increases the risk of future exploitation attempts. The lack of available patches at the time of disclosure further elevates the threat. The uncontrolled search path vulnerability can allow an attacker with local access to execute arbitrary code with the privileges of the logged-in user, potentially leading to data compromise or system disruption. Given the involvement of Powershell scripts, the attack surface includes script execution environments common in Windows-based systems.

For European organizations, the impact of CVE-2025-9016 can be significant, especially for those using Mechrevo laptops or systems pre-installed with the Control Center GX V2 software. The vulnerability allows local attackers to execute arbitrary code, which could lead to unauthorized data access, modification, or destruction. This is particularly concerning for organizations handling sensitive personal data under GDPR, as any breach could result in regulatory penalties and reputational damage. Additionally, the ability to compromise system integrity and availability could disrupt business operations, especially in sectors relying on endpoint security and system management tools. Since exploitation requires local access, the threat is higher in environments where endpoint security is weak or where physical or remote local access is possible (e.g., through compromised credentials or insider threats). The high complexity of exploitation somewhat limits widespread attacks but does not eliminate targeted attacks against high-value assets. The lack of patches means organizations must rely on mitigations until updates are available, increasing exposure time.

1. Restrict local access strictly to trusted users and enforce strong authentication and access control policies to minimize the risk of local exploitation. 2. Monitor and audit local user activities on systems running Mechrevo Control Center GX V2 to detect suspicious behavior indicative of exploitation attempts. 3. Employ application whitelisting and script execution policies (e.g., via Windows Defender Application Control or AppLocker) to prevent unauthorized Powershell scripts from running. 4. Isolate or limit the use of the affected software on critical systems until a patch is released. 5. Regularly update endpoint protection solutions to detect potential exploitation attempts leveraging this vulnerability. 6. Engage with Mechrevo or authorized vendors to obtain patches or workarounds as soon as they become available. 7. Educate users about the risks of local access vulnerabilities and enforce policies against installing unauthorized software or scripts. 8. Consider network segmentation to limit lateral movement if a local compromise occurs.