CVE-2025-9818 is a vulnerability classified under CWE-428 (Unquoted Search Path or Element) affecting the PowerAttendant Standard Edition, a UPS management application developed by OMRON SOCIAL SOLUTIONS Co., Ltd. The issue arises because the executable file paths used by Windows services installed by this application are not enclosed in quotation marks. On Windows systems, if a service executable path contains spaces and is not quoted, the operating system may incorrectly parse the path and execute unintended programs located in directories earlier in the path string. This can lead to privilege escalation, as the service typically runs with elevated privileges (often SYSTEM or administrative level). An attacker who can place a malicious executable in a directory path segment preceding the intended executable could cause their code to run with the service's privileges. The vulnerability requires that the installation folder path contains spaces, which is common in Windows environments (e.g., "C:\Program Files\..."). The CVSS v3.1 base score is 6.7 (medium severity), reflecting that exploitation requires local access with high privileges (PR:H), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (all high). No known exploits are reported in the wild yet. This vulnerability is significant because it can allow unauthorized code execution under service privileges, potentially leading to full system compromise or disruption of UPS management functions critical for power reliability.

For European organizations, this vulnerability poses a risk primarily to IT infrastructure relying on OMRON's PowerAttendant Standard Edition for UPS management. Successful exploitation could allow attackers with local access to escalate privileges and execute arbitrary code with elevated rights. This could lead to unauthorized control over UPS devices, potentially disrupting power management and causing downtime or damage to critical systems dependent on uninterrupted power. Confidentiality of system data could be compromised, and integrity of UPS management operations undermined. Availability could be affected if attackers disable or manipulate UPS functions, impacting business continuity especially in sectors like manufacturing, healthcare, data centers, and critical infrastructure where power stability is vital. Given that the vulnerability requires local access and high privileges, the threat is more relevant in environments where insider threats or lateral movement by attackers are possible. European organizations with complex IT environments and those using default or space-containing installation paths are at higher risk.

1. Immediately verify and modify the installation path of PowerAttendant Standard Edition to avoid spaces in directory names, e.g., install under a path like C:\PowerAttendant instead of C:\Program Files\PowerAttendant. 2. Review and correct the service executable paths in Windows Services (using tools like sc.exe or PowerShell) to ensure all paths are properly enclosed in quotation marks. 3. Apply principle of least privilege by restricting local administrative access to trusted personnel only, reducing the risk of local exploitation. 4. Monitor and audit directories in the service path for unauthorized files or executables that could be leveraged in an attack. 5. Implement application whitelisting or code integrity policies (e.g., Windows Defender Application Control) to prevent execution of unauthorized binaries. 6. Regularly update and patch the PowerAttendant software once OMRON releases a fix or patch addressing this vulnerability. 7. Educate system administrators about the risks of unquoted service paths and enforce secure installation practices for all software.